104 lines
3.1 KiB
YAML
104 lines
3.1 KiB
YAML
# <!-- Powered by BMAD™ Core -->
|
|
template:
|
|
id: qa-gate-template-v1
|
|
name: Quality Gate Decision
|
|
version: 1.0
|
|
output:
|
|
format: yaml
|
|
filename: qa.qaLocation/gates/{{epic_num}}.{{story_num}}-{{story_slug}}.yml
|
|
title: "Quality Gate: {{epic_num}}.{{story_num}}"
|
|
|
|
# Required fields (keep these first)
|
|
schema: 1
|
|
story: "{{epic_num}}.{{story_num}}"
|
|
story_title: "{{story_title}}"
|
|
gate: "{{gate_status}}" # PASS|CONCERNS|FAIL|WAIVED
|
|
status_reason: "{{status_reason}}" # 1-2 sentence summary of why this gate decision
|
|
reviewer: "Quinn (Test Architect)"
|
|
updated: "{{iso_timestamp}}"
|
|
|
|
# Always present but only active when WAIVED
|
|
waiver: { active: false }
|
|
|
|
# Issues (if any) - Use fixed severity: low | medium | high
|
|
top_issues: []
|
|
|
|
# Risk summary (from risk-profile task if run)
|
|
risk_summary:
|
|
totals: { critical: 0, high: 0, medium: 0, low: 0 }
|
|
recommendations:
|
|
must_fix: []
|
|
monitor: []
|
|
|
|
# Examples section using block scalars for clarity
|
|
examples:
|
|
with_issues: |
|
|
top_issues:
|
|
- id: "SEC-001"
|
|
severity: high # ONLY: low|medium|high
|
|
finding: "No rate limiting on login endpoint"
|
|
suggested_action: "Add rate limiting middleware before production"
|
|
- id: "TEST-001"
|
|
severity: medium
|
|
finding: "Missing integration tests for auth flow"
|
|
suggested_action: "Add test coverage for critical paths"
|
|
|
|
when_waived: |
|
|
waiver:
|
|
active: true
|
|
reason: "Accepted for MVP release - will address in next sprint"
|
|
approved_by: "Product Owner"
|
|
|
|
# ============ Optional Extended Fields ============
|
|
# Uncomment and use if your team wants more detail
|
|
|
|
optional_fields_examples:
|
|
quality_and_expiry: |
|
|
quality_score: 75 # 0-100 (optional scoring)
|
|
expires: "2025-01-26T00:00:00Z" # Optional gate freshness window
|
|
|
|
evidence: |
|
|
evidence:
|
|
tests_reviewed: 15
|
|
risks_identified: 3
|
|
trace:
|
|
ac_covered: [1, 2, 3] # AC numbers with test coverage
|
|
ac_gaps: [4] # AC numbers lacking coverage
|
|
|
|
nfr_validation: |
|
|
nfr_validation:
|
|
security: { status: CONCERNS, notes: "Rate limiting missing" }
|
|
performance: { status: PASS, notes: "" }
|
|
reliability: { status: PASS, notes: "" }
|
|
maintainability: { status: PASS, notes: "" }
|
|
|
|
history: |
|
|
history: # Append-only audit trail
|
|
- at: "2025-01-12T10:00:00Z"
|
|
gate: FAIL
|
|
note: "Initial review - missing tests"
|
|
- at: "2025-01-12T15:00:00Z"
|
|
gate: CONCERNS
|
|
note: "Tests added but rate limiting still missing"
|
|
|
|
risk_summary: |
|
|
risk_summary: # From risk-profile task
|
|
totals:
|
|
critical: 0
|
|
high: 0
|
|
medium: 0
|
|
low: 0
|
|
# 'highest' is emitted only when risks exist
|
|
recommendations:
|
|
must_fix: []
|
|
monitor: []
|
|
|
|
recommendations: |
|
|
recommendations:
|
|
immediate: # Must fix before production
|
|
- action: "Add rate limiting to auth endpoints"
|
|
refs: ["api/auth/login.ts:42-68"]
|
|
future: # Can be addressed later
|
|
- action: "Consider caching for better performance"
|
|
refs: ["services/data.service.ts"]
|