test-strategy-doc
$
npx mdskill add mohitagw15856/pm-claude-skills/test-strategy-docProduces a complete test strategy from a feature spec, PRD, or system description — covering scope, test types, risk areas, coverage requirements, and a prioritised test case outline.
SKILL.md
.github/skills/test-strategy-docView on GitHub ↗
--- name: test-strategy-doc description: "Write a test strategy document from a feature spec, PRD, or system description. Use when asked to create a test plan, write a test strategy, define QA approach, or plan testing for a feature or release. Produces a complete test strategy with scope, risk assessment, test types, coverage targets, and a prioritised test case outline." --- # Test Strategy Document Skill Produces a complete test strategy from a feature spec, PRD, or system description — covering scope, test types, risk areas, coverage requirements, and a prioritised test case outline. ## Required Inputs Ask for these if not provided: - **Feature or system being tested** (paste a spec, PRD, or describe it in plain English) - **Tech stack** (language and framework — e.g. TypeScript + React, Python + FastAPI) - **Existing test coverage** (e.g. "we have unit tests but no E2E tests", "we use Jest + Playwright already", or "starting from scratch") - **Deployment cadence** (e.g. continuous deployment / weekly releases / quarterly — affects what must be automated vs. manual) - **Risk level** (low / medium / high / critical — affects depth and coverage requirements) - **Timeline** (when does this need to ship — affects prioritisation) - **Team context** (who is doing the testing — developers / dedicated QA / both) ## Output Format ### 1. Test Scope **In scope:** - [Specific functionality being tested] - [Integration points covered] - [User-facing flows included] **Out of scope:** - [What is deliberately not tested here — and why] - [Dependencies owned by other teams] **Assumptions:** - [What the test strategy assumes is true — e.g. mocked services, test data availability] ### 2. Risk Assessment Identify the highest-risk areas first — these drive depth and coverage: | Area | Risk Level | Why | Test Priority | |---|---|---|---| | [e.g. Payment processing] | High | Money movement, regulatory | P0 — exhaustive | | [e.g. User authentication] | High | Security boundary | P0 — exhaustive | | [e.g. Email notifications] | Medium | External dependency | P1 — happy path + key failures | | [e.g. UI copy changes] | Low | Visual only, reversible | P2 — smoke only | ### 3. Test Types and Coverage **Unit Tests** - **What:** Individual functions and methods in isolation - **Who writes:** Developer - **Coverage target:** [e.g. 80% line coverage on new code / 100% on critical paths] - **Tools:** [e.g. Jest, pytest, go test] - **Focus areas for this feature:** [Specific logic that needs unit coverage] **Integration Tests** - **What:** Service interactions, database operations, API contracts - **Who writes:** Developer / QA - **Coverage target:** [All happy paths + key failure modes] - **Tools:** [e.g. Supertest, pytest + testcontainers] - **Focus areas:** [Specific integrations at risk — e.g. third-party API, DB schema changes] **End-to-End Tests** - **What:** Critical user journeys from browser/client to database - **Who writes:** QA / Developer - **Coverage target:** [Top N user journeys — list them] - **Tools:** [e.g. Playwright, Cypress, Selenium] - **Focus areas:** [The 3–5 most critical user flows] **Performance Tests** *(include if any row in the Risk Assessment table has performance as a risk factor, regardless of overall risk level)* - **What:** Load, stress, or latency testing - **Targets:** [Specific numbers — e.g. 200 req/sec at p95 < 200ms] - **Tools:** [e.g. k6, Locust, JMeter] **Security Tests** *(include only if risk is high+)* - **What:** OWASP Top 10 checks relevant to this feature - **Focus:** [Auth bypasses, injection, data exposure] - **Tools:** [e.g. OWASP ZAP, manual penetration testing, Snyk] ### 4. Test Case Outline Priority-ordered list of specific test cases: **P0 — Must pass before merge:** | Test Case | Type | Expected Outcome | |---|---|---| | [e.g. User can log in with valid credentials] | E2E | [Redirect to dashboard, session created] | | [e.g. Invalid login returns 401] | Integration | [Error message displayed, no session] | | [e.g. Password is never stored in plain text] | Unit | [bcrypt hash in DB] | **P1 — Must pass before release:** | Test Case | Type | Expected Outcome | |---|---|---| | [e.g. Login fails gracefully when DB is down] | Integration | [User sees friendly error, 503] | | [e.g. Rate limiting blocks after 5 failed attempts] | Integration | [429 returned, account flagged] | **P2 — Should pass, can ship with known issues tracked:** | Test Case | Type | Expected Outcome | |---|---|---| | [e.g. Login page renders correctly on mobile] | E2E | [Layout matches design] | ### 5. Test Data Requirements - [Specific test data needed — e.g. test user accounts with various states] - [External service stubs or mocks needed] - [Database seed data requirements] - [Any PII concerns and how test data handles them] ### 6. Definition of Done Testing is complete when: - [ ] All P0 test cases pass - [ ] All P1 test cases pass - [ ] Code coverage meets the stated target - [ ] No critical or high severity bugs open - [ ] Performance targets met (if applicable) - [ ] Security checks completed (if applicable) ## Quality Checks - [ ] Risk table is populated and drives test priority (not filled in generically) - [ ] Every "P0 — exhaustive" row in the Risk Assessment table has at least one corresponding P0 test case - [ ] "Out of scope" section names at least one explicit exclusion (not left blank) - [ ] Each test type names a concrete tool (not "some testing framework") - [ ] Definition of Done is measurable (not "tests are done when QA is happy") ## Usage Examples - "Write a test strategy for [feature]" + [paste spec or PRD] - "Create a test plan for [system]" - "How should we test [feature]?" - "I need a QA plan for this sprint" - "What tests do we need for [X]?"
More from mohitagw15856/pm-claude-skills
- 360-feedback-templateDesign a 360-degree feedback survey or write a structured 360 feedback report. Use when asked to build a 360 feedback process, write 360 feedback for a colleague, design a feedback survey, or produce a feedback report. Produces either a complete survey instrument with rating scales and open-ended questions, or a structured narrative feedback report with themes, strengths, and development areas.
- ab-test-plannerDesign statistically rigorous A/B tests for product features, UI changes, onboarding flows, and pricing experiments. Use when asked to set up an experiment, design an A/B test, calculate sample size, or interpret test results. Produces a complete test plan with hypothesis, variant definitions, sample size, duration estimate, guardrail metrics, and a results interpretation guide.
- accessibility-auditGenerate a WCAG 2.2 accessibility audit checklist and remediation suggestions for any UI or design. Use when asked to audit for accessibility, check WCAG compliance, review a design for a11y issues, or create an accessibility remediation plan. Produces a prioritised checklist with pass/fail assessments and specific fixes.
- account-planBuild a structured account plan for any key customer or target account. Use when asked to create an account plan, key account strategy, strategic account review, or territory plan. Produces a complete account plan with relationship map, growth opportunities, risks, and 90-day action plan.
- aeo-optimizerOptimize an article for Answer Engine Optimization (AEO) — restructuring content so AI engines like ChatGPT, Perplexity, and Claude can extract, quote, and cite it. Rewrites headings as questions, drops 50-80 word answer capsules, audits paragraph length, and flags trust signals. Use when asked to AEO-optimize, make content AI-readable, improve AI citation chances, or adapt an article for answer engines.
- ai-ethics-reviewConduct an ethical review of an AI or ML feature, model, or product. Use when asked to run an AI ethics review, assess AI risks, audit a model for bias, or produce an AI impact assessment. Produces a structured ethics review covering fairness, transparency, privacy, safety, accountability, and societal impact with prioritised mitigations.
- ai-product-canvasStructure AI and ML product decisions with the rigour of any product decision. Use when building AI-powered features, evaluating LLM integrations, designing AI products, or assessing AI readiness. Produces a complete AI product canvas covering problem definition, model approach, data requirements, evaluation framework, UX design, responsible AI checklist, and launch monitoring plan.
- ambiguity-resolverStructure vague opportunities and unclear briefs into actionable one-page problem statements. Use when asked to clarify a vague brief, frame an undefined problem, make sense of an unclear opportunity, or when the user says 'we need to figure out what to do about X' or 'I've been asked to look into Y'. Produces a structured problem brief with reframed questions, scoped boundaries, and a minimum viable research plan.
- api-docs-writerWrite clear, developer-facing API documentation. Use when asked to document an API endpoint, write API reference docs, create a developer guide, or turn a raw spec/Postman collection into documentation. Produces endpoint documentation with descriptions, parameters, request/response examples, and error codes.
- api-versioning-strategyWrite an API versioning strategy document for a service or API platform. Use when asked to define versioning policy, plan API deprecation, classify breaking changes, or document version lifecycle. Produces a complete versioning strategy with breaking-change classification table, deprecation timeline, migration guide template, and client communication template.