step-03-risk-and-testability.md 3.9KB
name: ‘step-03-risk-and-testability’ description: ‘Perform testability review (system-level) and risk assessment’ nextStepFile: ‘{skill-root}/steps-c/step-04-coverage-plan.md’
outputFile: ‘{test_artifacts}/test-design-progress.md’
Step 3: Testability & Risk Assessment
STEP GOAL
Produce a defensible testability review (system-level) and a risk assessment matrix (all modes).
MANDATORY EXECUTION RULES
- 📖 Read the entire step file before acting
- ✅ Speak in
{communication_language} - 🎯 Base conclusions on evidence from loaded artifacts
EXECUTION PROTOCOLS:
- 🎯 Follow the MANDATORY SEQUENCE exactly
- 💾 Record outputs before proceeding
- 📖 Load the next step only when instructed
CONTEXT BOUNDARIES:
- Available context: config, loaded artifacts, and knowledge fragments
- Focus: this step’s goal only
- Limits: do not execute future steps
- Dependencies: prior steps’ outputs (if any)
MANDATORY SEQUENCE
CRITICAL: Follow this sequence exactly. Do not skip, reorder, or improvise.
1. System-Level Mode: Testability Review
If system-level, evaluate architecture for:
- Controllability (state seeding, mockability, fault injection)
- Observability (logs, metrics, traces, deterministic assertions)
- Reliability (isolation, reproducibility, parallel safety)
Structure output as:
- 🚨 Testability Concerns (actionable issues first)
- ✅ Testability Assessment Summary (what is already strong)
Also identify ASRs (Architecturally Significant Requirements):
- Mark each as ACTIONABLE or FYI
2. All Modes: Risk Assessment
Using risk-governance.md and probability-impact.md (if loaded):
- Identify real risks (not just features)
- Classify by category: TECH / SEC / PERF / DATA / BUS / OPS
- Score Probability (1–3) and Impact (1–3)
- Calculate Risk Score (P × I)
- Flag high risks (score ≥ 6)
- Define mitigation, owner, and timeline
3. NFR Planning Assessment
Using nfr-criteria.md when loaded:
- Identify NFR categories in scope: security, performance, reliability, scalability, maintainability, compliance, and any project-specific categories
- Extract measurable thresholds from PRD, architecture, ADRs, epics, or stories
- Mark missing thresholds as UNKNOWN and convert them into clarification items or risks; do not guess values
- Define planned evidence sources for later validation (tests, scans, metrics, logs, monitoring, CI reports)
- Convert NFR gaps into the existing risk register using SEC / PERF / OPS / TECH / DATA categories
Boundary: This workflow plans NFR validation. It does not assess final PASS/CONCERNS/FAIL from implementation evidence. Use nfr-assess after implementation evidence exists.
4. Summarize Risk Findings
Summarize the highest risks and their mitigation priorities.
5. Save Progress
Save this step’s accumulated work to {outputFile}.
- If
{outputFile}does not exist (first save), create it with YAML frontmatter:
---
workflowStatus: 'in-progress'
totalSteps: 5
stepsCompleted: ['step-03-risk-and-testability']
lastStep: 'step-03-risk-and-testability'
nextStep: '{nextStepFile}'
lastSaved: '{date}'
---
Then write this step’s output below the frontmatter.
- If
{outputFile}already exists, update:- Set
workflowStatus: 'in-progress' - Set
totalSteps: 5 - Add
'step-03-risk-and-testability'tostepsCompletedarray (only if not already present) - Set
lastStep: 'step-03-risk-and-testability' - Set
nextStep: '{nextStepFile}' - Set
lastSaved: '{date}' - Append this step’s output to the appropriate section of the document.
- Set
Load next step: {nextStepFile}
🚨 SYSTEM SUCCESS/FAILURE METRICS:
✅ SUCCESS:
- Step completed in full with required outputs
❌ SYSTEM FAILURE:
- Skipped sequence steps or missing outputs Master Rule: Skipping steps is FORBIDDEN.