# TestFlowHub Required Skills

This document outlines the core skills, technologies, framework knowledge, and architectural rules required to effectively contribute to the TestFlowHub ecosystem.

## 🚨 The Golden Rules of Development 🚨

1. **Mandatory Unit Testing**: NO feature is considered complete without tests. Every new service, component, API endpoint, or utility MUST be accompanied by comprehensive Unit Tests (`xUnit`/`Moq` for the backend, `Jasmine`/`Karma` for the frontend).
2. **Accessibility-First (a11y)**: ALWAYS keep accessibility in mind when developing the user interface. Every custom interactive element must be keyboard navigable, proper ARIA attributes must be used, and contrast ratios must be checked. WCAG 2.1 compliance is strictly enforced.

## 1. Domain Knowledge: Test Management & QA

- **Context-Driven Testing**: Applying testing practices that adapt to the specific context of the project, focusing on real-world value, risk assessment, and exploratory mindsets over rigid, scripted methodologies.
- **Test Management Strategy**: Deep understanding of the lifecycle of Test Specifications, Test Cases, exploratory testing missions, and requirement traceability.
- **Quality Assurance Principles**: Designing comprehensive test permutations, analyzing test metrics (e.g., Requirement Heatmap), and managing synthetic test data effectively.

## 2. Core Architectural & Development Rules

- **Tenant-Wise Logic**: ALWAYS develop new features with strict multi-tenant data isolation. Every database query, API endpoint, and data manipulation must be scoped securely to the active `TenantId`.
- **Project-Wise Scoping**: Ensure that all test artifacts and substantive records (e.g., Test Cases, Runs, Requirements, Milestones) are strictly categorized and queried project-wise to maintain streamlined, organized data boundaries.

## 3. Engineering Culture & Best Practices (Meta-Testing)

- **Testing the Testing Tool**: Our tool manages quality; its own code must be impeccable. You must understand and utilize:
  - **Unit & Integration Testing**: **xUnit/NUnit**, **Moq**, and **TestContainers** for mocking and spinning up isolated PostgreSQL databases for repository tests.
  - **Automated E2E Testing**: Frameworks like **Playwright** or **Cypress** to guarantee critical user flows never break.

## 4. Performance & Scalability Rules

- **Frontend Optimization**: Always enforce **Virtual Scrolling** or server-side pagination for extensive datasets (e.g., thousands of Test Cases). Never render massive DOM structures all at once.
- **Backend Optimization**: Strictly forbid `N+1` database queries in Entity Framework. Utilize `.Include()`, `.AsNoSplitQuery()`, or `.Select()` projections for heavy queries.
- **Heavy Workloads**: Mandate that all intense document processing (e.g., RAG vector generation) and bulk data imports/exports are offloaded to **Background Services** or Queues, keeping the main API threads highly responsive.

## 5. Resilience & AI Guardrails

- **Retry Policies**: AI models (Gemini, OpenAI, Anthropic) frequently rate-limit or time out. Use resilience frameworks like **Polly** in .NET to handle transient API failures gracefully.
- **Graceful Degradation**: Always design AI features defensively. If LLM integrations fail or go offline, the core Test Management functionalities must continue operating flawlessly without blocking users.

## 6. Premium UI/UX & Design Philosophy

- **Design Aesthetics**: Consistently deliver a modern, premium user interface. Utilize highly curated color palettes, glassmorphism where appropriate, modern typography (e.g., Inter), and subtle micro-animations to create an exceptional, dynamic UX.
- **Accessibility & Responsiveness**: Ensure all views, modals, and dynamic data tables are fluidly responsive and meet strict accessibility standards (keyboard navigable, screen-reader friendly to WCAG 2.1).

## 7. Standardized Error Handling

- **Uniform API Responses**: Enforce a strict standard (e.g., `ProblemDetails` in .NET) for all API exceptions. Raw stack traces must never reach the UI.
- **Structured Logging**: Log all critical operations and exceptions logically, always attaching context like the `TenantId`, ensuring platform-wide debugging is possible across distributed containers.

## 8. Documentation Standards

- **Feature Documentation**: Whenever a new feature or page is added, you MUST add or update the corresponding "How it Works" guide in the `docs` directory.
- **Tutorials & README**: Consistently keep tutorials up-to-date with UI/logic changes, and remember to update the root `README.md` if the platform's architectural footprint or feature set expands.

## 9. Frontend Development (Angular UI)

- **Angular 21+**: Proficiency using **Standalone Components**, advanced routing, reactive forms, and structural directives.
- **TypeScript 5.9**: Advanced TS features, strict TS configurations, interfaces, and decorators.
- **Tailwind CSS**: Utility-first CSS framework for rapid and responsive UI development.
- **RxJS & Reactive Programming**: Handling asynchronous data streams, pipes, and complex state management workflows.
- **Visualization Component**: Integrating and maintaining Chart.js dynamically without causing infinite loops.

## 10. Backend Development (.NET Core API)

- **C# / .NET 10**: Modern C# feature utilization, asynchronous programming (`async/await`), LINQ, and clean architecture.
- **ASP.NET Core Web API**: Minimal APIs, middleware authoring, and sophisticated request validation.
- **Entity Framework Core 10 (EF Core)**: Code-First migrations, complex DbContext configuration.
- **SignalR (WebSockets)**: Architecting real-time metric broadcasting and live-sync updates via WebSockets.

## 11. Database & Architecture (PostgreSQL)

- **PostgreSQL 16 & pgvector**: Relational querying, deep indexing, vector databases, and optimized embedding strategies for Semantic RAG Search.
- **Migrations Automation**: Dynamic multi-database migrations via `SaaS.MigrationRunner`.

## 12. Security & Authentication

- **IAM & Multi-Method SSO**: ASP.NET Core Identity, JWT, Role-Based Access Control, Windows SSO, LDAP, Azure AD.
- **Compliance & Hardening**: Defense against OWASP threats (CSRF, SQLi), deep `LogSanitizer.Sanitize()` integration, aligning strictly with ISO 27001/SOC 2 security standards.

## 13. Infrastructure & DevOps

- **Docker & Docker Compose**: Building highly optimized Dockerfiles, managing container registries, and configuring dynamic environments natively.
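
The tenant-wise rule from section 2, sketched as an added example (not TestFlowHub's own code): an EF Core context that fails closed without a tenant, filters every read by `TenantId`, and blocks cross-tenant writes. `ITenantProvider`, `TestCase` and `AppDbContext` are hypothetical names, and the block assumes the `Microsoft.EntityFrameworkCore` package.

```csharp
// Added illustration; all type names here are hypothetical.
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.EntityFrameworkCore;

public interface ITenantProvider
{
    Guid? TenantId { get; }   // resolved per request; null when no tenant is known
}

public class TestCase
{
    public Guid Id { get; set; }
    public Guid TenantId { get; set; }
    public Guid ProjectId { get; set; }
    public string Title { get; set; } = "";
}

public class AppDbContext : DbContext
{
    private readonly Guid _tenantId;

    public AppDbContext(DbContextOptions<AppDbContext> options, ITenantProvider tenant)
        : base(options)
    {
        // Fail closed: without a tenant context there is no database access at all.
        _tenantId = tenant.TenantId
            ?? throw new InvalidOperationException("No active tenant for this request.");
    }

    public DbSet<TestCase> TestCases => Set<TestCase>();

    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        // Appended to every LINQ query over TestCases for this context instance.
        modelBuilder.Entity<TestCase>().HasQueryFilter(t => t.TenantId == _tenantId);
        // Composite index supporting tenant-then-project scoped lookups.
        modelBuilder.Entity<TestCase>().HasIndex(t => new { t.TenantId, t.ProjectId });
    }

    // The parameterless SaveChanges/SaveChangesAsync route through these overloads.
    public override int SaveChanges(bool acceptAll)
    { EnforceTenant(); return base.SaveChanges(acceptAll); }

    public override Task<int> SaveChangesAsync(bool acceptAll, CancellationToken ct = default)
    { EnforceTenant(); return base.SaveChangesAsync(acceptAll, ct); }

    private void EnforceTenant()
    {
        foreach (var entry in ChangeTracker.Entries<TestCase>())
        {
            if (entry.State == EntityState.Added)
                entry.Entity.TenantId = _tenantId;   // stamp server-side, ignore client value
            else if (entry.Entity.TenantId != _tenantId)
                throw new InvalidOperationException("Cross-tenant write blocked.");
        }
    }
}
```

Any call to `IgnoreQueryFilters()` bypasses the read filter, so it is worth flagging in code review.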