BMAD-METHOD/bmad/bmm/workflows/testarch/test-design/checklist.md

# Test Design and Risk Assessment - Validation Checklist

## Prerequisites

- [ ] Story markdown with clear acceptance criteria exists
- [ ] PRD or epic documentation available
- [ ] Architecture documents available (optional)
- [ ] Requirements are testable and unambiguous

## Process Steps

### Step 1: Context Loading

- [ ] PRD.md read and requirements extracted
- [ ] Epics.md or specific epic documentation loaded
- [ ] Story markdown with acceptance criteria analyzed
- [ ] Architecture documents reviewed (if available)
- [ ] Existing test coverage analyzed
- [ ] Knowledge base fragments loaded (risk-governance, probability-impact, test-levels, test-priorities)

### Step 2: Risk Assessment

- [ ] Genuine risks identified (not just features)
- [ ] Risks classified by category (TECH/SEC/PERF/DATA/BUS/OPS)
- [ ] Probability scored (1-3 for each risk)
- [ ] Impact scored (1-3 for each risk)
- [ ] Risk scores calculated (probability × impact)
- [ ] High-priority risks (score ≥6) flagged
- [ ] Mitigation plans defined for high-priority risks
- [ ] Owners assigned for each mitigation
- [ ] Timelines set for mitigations
- [ ] Residual risk documented

### Step 3: Coverage Design

- [ ] Acceptance criteria broken into atomic scenarios
- [ ] Test levels selected (E2E/API/Component/Unit)
- [ ] No duplicate coverage across levels
- [ ] Priority levels assigned (P0/P1/P2/P3)
- [ ] P0 scenarios meet strict criteria (blocks core + high risk + no workaround)
- [ ] Data prerequisites identified
- [ ] Tooling requirements documented
- [ ] Execution order defined (smoke → P0 → P1 → P2/P3)

### Step 4: Deliverables Generation

- [ ] Risk assessment matrix created
- [ ] Coverage matrix created
- [ ] Execution order documented
- [ ] Resource estimates calculated
- [ ] Quality gate criteria defined
- [ ] Output file written to correct location
- [ ] Output file uses template structure

## Output Validation

### Risk Assessment Matrix

- [ ] All risks have unique IDs (R-001, R-002, etc.)
- [ ] Each risk has category assigned
- [ ] Probability values are 1, 2, or 3
- [ ] Impact values are 1, 2, or 3
- [ ] Scores calculated correctly (P × I)
- [ ] High-priority risks (≥6) clearly marked
- [ ] Mitigation strategies specific and actionable

### Coverage Matrix

- [ ] All requirements mapped to test levels
- [ ] Priorities assigned to all scenarios
- [ ] Risk linkage documented
- [ ] Test counts realistic
- [ ] Owners assigned where applicable
- [ ] No duplicate coverage (same behavior at multiple levels)

### Execution Order

- [ ] Smoke tests defined (<5 min target)
- [ ] P0 tests listed (<10 min target)
- [ ] P1 tests listed (<30 min target)
- [ ] P2/P3 tests listed (<60 min target)
- [ ] Order optimizes for fast feedback

### Resource Estimates

- [ ] P0 hours calculated (count × 2 hours)
- [ ] P1 hours calculated (count × 1 hour)
- [ ] P2 hours calculated (count × 0.5 hours)
- [ ] P3 hours calculated (count × 0.25 hours)
- [ ] Total hours summed
- [ ] Days estimate provided (hours / 8)
- [ ] Estimates include setup time

### Quality Gate Criteria

- [ ] P0 pass rate threshold defined (should be 100%)
- [ ] P1 pass rate threshold defined (typically ≥95%)
- [ ] High-risk mitigation completion required
- [ ] Coverage targets specified (≥80% recommended)

## Quality Checks

### Evidence-Based Assessment

- [ ] Risk assessment based on documented evidence
- [ ] No speculation on business impact
- [ ] Assumptions clearly documented
- [ ] Clarifications requested where needed
- [ ] Historical data referenced where available

### Risk Classification Accuracy

- [ ] TECH risks are architecture/integration issues
- [ ] SEC risks are security vulnerabilities
- [ ] PERF risks are performance/scalability concerns
- [ ] DATA risks are data integrity issues
- [ ] BUS risks are business/revenue impacts
- [ ] OPS risks are deployment/operational issues

### Priority Assignment Accuracy

- [ ] P0: Truly blocks core functionality
- [ ] P0: High-risk (score ≥6)
- [ ] P0: No workaround exists
- [ ] P1: Important but not blocking
- [ ] P2/P3: Nice-to-have or edge cases

### Test Level Selection

- [ ] E2E used only for critical paths
- [ ] API tests cover complex business logic
- [ ] Component tests for UI interactions
- [ ] Unit tests for edge cases and algorithms
- [ ] No redundant coverage

## Integration Points

### Knowledge Base Integration

- [ ] risk-governance.md consulted
- [ ] probability-impact.md applied
- [ ] test-levels-framework.md referenced
- [ ] test-priorities-matrix.md used
- [ ] Additional fragments loaded as needed

### Status File Integration

- [ ] bmm-workflow-status.md exists
- [ ] Test design logged in Quality & Testing Progress
- [ ] Epic number and scope documented
- [ ] Completion timestamp recorded

### Workflow Dependencies

- [ ] Can proceed to `atdd` workflow with P0 scenarios
- [ ] Can proceed to `automate` workflow with full coverage plan
- [ ] Risk assessment informs `gate` workflow criteria
- [ ] Integrates with `ci` workflow execution order

## Completion Criteria

**All must be true:**

- [ ] All prerequisites met
- [ ] All process steps completed
- [ ] All output validations passed
- [ ] All quality checks passed
- [ ] All integration points verified
- [ ] Output file complete and well-formatted
- [ ] Team review scheduled (if required)

## Post-Workflow Actions

**User must complete:**

1. [ ] Review risk assessment with team
2. [ ] Prioritize mitigation for high-priority risks (score ≥6)
3. [ ] Allocate resources per estimates
4. [ ] Run `atdd` workflow to generate P0 tests
5. [ ] Set up test data factories and fixtures
6. [ ] Schedule team review of test design document

**Recommended next workflows:**

1. [ ] Run `atdd` workflow for P0 test generation
2. [ ] Run `framework` workflow if not already done
3. [ ] Run `ci` workflow to configure pipeline stages

## Rollback Procedure

If workflow fails:

1. [ ] Delete output file
2. [ ] Review error logs
3. [ ] Fix missing context (PRD, architecture docs)
4. [ ] Clarify ambiguous requirements
5. [ ] Retry workflow

## Notes

### Common Issues

**Issue**: Too many P0 tests

- **Solution**: Apply strict P0 criteria - must block core AND high risk AND no workaround

**Issue**: Risk scores all high

- **Solution**: Differentiate between high-impact (3) and degraded (2) impacts

**Issue**: Duplicate coverage across levels

- **Solution**: Use test pyramid - E2E for critical paths only

**Issue**: Resource estimates too high

- **Solution**: Invest in fixtures/factories to reduce per-test setup time

### Best Practices

- Base risk assessment on evidence, not assumptions
- High-priority risks (≥6) require immediate mitigation
- P0 tests should cover <10% of total scenarios
- Avoid testing same behavior at multiple levels
- Include smoke tests (P0 subset) for fast feedback

---

**Checklist Complete**: Sign off when all items validated.

**Completed by:** **\*\***\_\_\_**\*\***
**Date:** **\*\***\_\_\_**\*\***
**Epic:** **\*\***\_\_\_**\*\***
**Notes:** \***\*\*\*\*\***\*\*\***\*\*\*\*\***\_\_\_\***\*\*\*\*\***\*\*\***\*\*\*\*\***
-												docs: massive documentation overhaul + introduce Paige (Documentation Guide agent)

## 📚 Complete Documentation Restructure

**BMM Documentation Hub Created:**
- New centralized documentation system at `src/modules/bmm/docs/`
- 18 comprehensive guides organized by topic (7000+ lines total)
- Clear learning paths for greenfield, brownfield, and quick spec flows
- Professional technical writing standards throughout

**New Documentation:**
- `README.md` - Complete documentation hub with navigation
- `quick-start.md` - 15-minute getting started guide
- `agents-guide.md` - Comprehensive 12-agent reference (45 min read)
- `party-mode.md` - Multi-agent collaboration guide (20 min read)
- `scale-adaptive-system.md` - Deep dive on Levels 0-4 (42 min read)
- `brownfield-guide.md` - Existing codebase development (53 min read)
- `quick-spec-flow.md` - Rapid Level 0-1 development (26 min read)
- `workflows-analysis.md` - Phase 1 workflows (12 min read)
- `workflows-planning.md` - Phase 2 workflows (19 min read)
- `workflows-solutioning.md` - Phase 3 workflows (13 min read)
- `workflows-implementation.md` - Phase 4 workflows (33 min read)
- `workflows-testing.md` - Testing & QA workflows (29 min read)
- `workflow-architecture-reference.md` - Architecture workflow deep-dive
- `workflow-document-project-reference.md` - Document-project workflow reference
- `enterprise-agentic-development.md` - Team collaboration patterns
- `faq.md` - Comprehensive Q&A covering all topics
- `glossary.md` - Complete terminology reference
- `troubleshooting.md` - Common issues and solutions

**Documentation Improvements:**
- Removed all version/date footers (git handles versioning)
- Agent customization docs now include full rebuild process
- Cross-referenced links between all guides
- Reading time estimates for all major docs
- Consistent professional formatting and structure

**Consolidated & Streamlined:**
- Module README (`src/modules/bmm/README.md`) streamlined to lean signpost
- Root README polished with better hierarchy and clear CTAs
- Moved docs from root `docs/` to module-specific locations
- Better separation of user docs vs. developer reference

## 🤖 New Agent: Paige (Documentation Guide)

**Role:** Technical documentation specialist and information architect

**Expertise:**
- Professional technical writing standards
- Documentation structure and organization
- Information architecture and navigation
- User-focused content design
- Style guide enforcement

**Status:** Work in progress - Paige will evolve as documentation needs grow

**Integration:**
- Listed in agents-guide.md, glossary.md, FAQ
- Available for all phases (documentation is continuous)
- Can be customized like all BMM agents

## 🔧 Additional Changes

- Updated agent manifest with Paige
- Updated workflow manifest with new documentation workflows
- Fixed workflow-to-agent mappings across all guides
- Improved root README with clearer Quick Start section
- Better module structure explanations
- Enhanced community links with Discord channel names

**Total Impact:**
- 18 new/restructured documentation files
- 7000+ lines of professional technical documentation
- Complete navigation system with cross-references
- Clear learning paths for all user types
- Foundation for knowledge base (coming in beta)

Co-Authored-By: Claude <noreply@anthropic.com>

											
										
										
											2025-11-02 21:18:33 -06:00
+								# Test Design and Risk Assessment - Validation Checklist
 								## Prerequisites
 								- [ ] Story markdown with clear acceptance criteria exists
 								- [ ] PRD or epic documentation available
 								- [ ] Architecture documents available (optional)
 								- [ ] Requirements are testable and unambiguous
 								## Process Steps
 								### Step 1: Context Loading
 								- [ ] PRD.md read and requirements extracted
 								- [ ] Epics.md or specific epic documentation loaded
 								- [ ] Story markdown with acceptance criteria analyzed
 								- [ ] Architecture documents reviewed (if available)
 								- [ ] Existing test coverage analyzed
 								- [ ] Knowledge base fragments loaded (risk-governance, probability-impact, test-levels, test-priorities)
 								### Step 2: Risk Assessment
 								- [ ] Genuine risks identified (not just features)
 								- [ ] Risks classified by category (TECH/SEC/PERF/DATA/BUS/OPS)
 								- [ ] Probability scored (1-3 for each risk)
 								- [ ] Impact scored (1-3 for each risk)
 								- [ ] Risk scores calculated (probability × impact)
 								- [ ] High-priority risks (score ≥6) flagged
 								- [ ] Mitigation plans defined for high-priority risks
 								- [ ] Owners assigned for each mitigation
 								- [ ] Timelines set for mitigations
 								- [ ] Residual risk documented
 								### Step 3: Coverage Design
 								- [ ] Acceptance criteria broken into atomic scenarios
 								- [ ] Test levels selected (E2E/API/Component/Unit)
 								- [ ] No duplicate coverage across levels
 								- [ ] Priority levels assigned (P0/P1/P2/P3)
 								- [ ] P0 scenarios meet strict criteria (blocks core + high risk + no workaround)
 								- [ ] Data prerequisites identified
 								- [ ] Tooling requirements documented
 								- [ ] Execution order defined (smoke → P0 → P1 → P2/P3)
 								### Step 4: Deliverables Generation
 								- [ ] Risk assessment matrix created
 								- [ ] Coverage matrix created
 								- [ ] Execution order documented
 								- [ ] Resource estimates calculated
 								- [ ] Quality gate criteria defined
 								- [ ] Output file written to correct location
 								- [ ] Output file uses template structure
 								## Output Validation
 								### Risk Assessment Matrix
 								- [ ] All risks have unique IDs (R-001, R-002, etc.)
 								- [ ] Each risk has category assigned
 								- [ ] Probability values are 1, 2, or 3
 								- [ ] Impact values are 1, 2, or 3
 								- [ ] Scores calculated correctly (P × I)
 								- [ ] High-priority risks (≥6) clearly marked
 								- [ ] Mitigation strategies specific and actionable
 								### Coverage Matrix
 								- [ ] All requirements mapped to test levels
 								- [ ] Priorities assigned to all scenarios
 								- [ ] Risk linkage documented
 								- [ ] Test counts realistic
 								- [ ] Owners assigned where applicable
 								- [ ] No duplicate coverage (same behavior at multiple levels)
 								### Execution Order
 								- [ ] Smoke tests defined (<5 min target)
 								- [ ] P0 tests listed (<10 min target)
 								- [ ] P1 tests listed (<30 min target)
 								- [ ] P2/P3 tests listed (<60 min target)
 								- [ ] Order optimizes for fast feedback
 								### Resource Estimates
 								- [ ] P0 hours calculated (count × 2 hours)
 								- [ ] P1 hours calculated (count × 1 hour)
 								- [ ] P2 hours calculated (count × 0.5 hours)
 								- [ ] P3 hours calculated (count × 0.25 hours)
 								- [ ] Total hours summed
 								- [ ] Days estimate provided (hours / 8)
 								- [ ] Estimates include setup time
 								### Quality Gate Criteria
 								- [ ] P0 pass rate threshold defined (should be 100%)
 								- [ ] P1 pass rate threshold defined (typically ≥95%)
 								- [ ] High-risk mitigation completion required
 								- [ ] Coverage targets specified (≥80% recommended)
 								## Quality Checks
 								### Evidence-Based Assessment
 								- [ ] Risk assessment based on documented evidence
 								- [ ] No speculation on business impact
 								- [ ] Assumptions clearly documented
 								- [ ] Clarifications requested where needed
 								- [ ] Historical data referenced where available
 								### Risk Classification Accuracy
 								- [ ] TECH risks are architecture/integration issues
 								- [ ] SEC risks are security vulnerabilities
 								- [ ] PERF risks are performance/scalability concerns
 								- [ ] DATA risks are data integrity issues
 								- [ ] BUS risks are business/revenue impacts
 								- [ ] OPS risks are deployment/operational issues
 								### Priority Assignment Accuracy
 								- [ ] P0: Truly blocks core functionality
 								- [ ] P0: High-risk (score ≥6)
 								- [ ] P0: No workaround exists
 								- [ ] P1: Important but not blocking
 								- [ ] P2/P3: Nice-to-have or edge cases
 								### Test Level Selection
 								- [ ] E2E used only for critical paths
 								- [ ] API tests cover complex business logic
 								- [ ] Component tests for UI interactions
 								- [ ] Unit tests for edge cases and algorithms
 								- [ ] No redundant coverage
 								## Integration Points
 								### Knowledge Base Integration
 								- [ ] risk-governance.md consulted
 								- [ ] probability-impact.md applied
 								- [ ] test-levels-framework.md referenced
 								- [ ] test-priorities-matrix.md used
 								- [ ] Additional fragments loaded as needed
 								### Status File Integration
 								- [ ] bmm-workflow-status.md exists
 								- [ ] Test design logged in Quality & Testing Progress
 								- [ ] Epic number and scope documented
 								- [ ] Completion timestamp recorded
 								### Workflow Dependencies
 								- [ ] Can proceed to `atdd` workflow with P0 scenarios
 								- [ ] Can proceed to `automate` workflow with full coverage plan
 								- [ ] Risk assessment informs `gate` workflow criteria
 								- [ ] Integrates with `ci` workflow execution order
 								## Completion Criteria
 								**All must be true:**
 								- [ ] All prerequisites met
 								- [ ] All process steps completed
 								- [ ] All output validations passed
 								- [ ] All quality checks passed
 								- [ ] All integration points verified
 								- [ ] Output file complete and well-formatted
 								- [ ] Team review scheduled (if required)
 								## Post-Workflow Actions
 								**User must complete:**
 . [ ] Review risk assessment with team
 . [ ] Prioritize mitigation for high-priority risks (score ≥6)
 . [ ] Allocate resources per estimates
 . [ ] Run `atdd` workflow to generate P0 tests
 . [ ] Set up test data factories and fixtures
 . [ ] Schedule team review of test design document
 								**Recommended next workflows:**
 . [ ] Run `atdd` workflow for P0 test generation
 . [ ] Run `framework` workflow if not already done
 . [ ] Run `ci` workflow to configure pipeline stages
 								## Rollback Procedure
 								If workflow fails:
 . [ ] Delete output file
 . [ ] Review error logs
 . [ ] Fix missing context (PRD, architecture docs)
 . [ ] Clarify ambiguous requirements
 . [ ] Retry workflow
 								## Notes
 								### Common Issues
 								**Issue**: Too many P0 tests
 								- **Solution**: Apply strict P0 criteria - must block core AND high risk AND no workaround
 								**Issue**: Risk scores all high
 								- **Solution**: Differentiate between high-impact (3) and degraded (2) impacts
 								**Issue**: Duplicate coverage across levels
 								- **Solution**: Use test pyramid - E2E for critical paths only
 								**Issue**: Resource estimates too high
 								- **Solution**: Invest in fixtures/factories to reduce per-test setup time
 								### Best Practices
 								- Base risk assessment on evidence, not assumptions
 								- High-priority risks (≥6) require immediate mitigation
 								- P0 tests should cover <10% of total scenarios
 								- Avoid testing same behavior at multiple levels
 								- Include smoke tests (P0 subset) for fast feedback
 								---
 								**Checklist Complete**: Sign off when all items validated.
 								**Completed by:** **\*\***\_\_\_**\*\***
 								**Date:** **\*\***\_\_\_**\*\***
 								**Epic:** **\*\***\_\_\_**\*\***
 								**Notes:** \***\*\*\*\*\***\*\*\***\*\*\*\*\***\_\_\_\***\*\*\*\*\***\*\*\***\*\*\*\*\***