Qa Hardening
npx machina-cli add skill ConaryLabs/Mira/qa-hardening --openclawname: qa-hardening description: This skill should be used when the user asks for "QA review", "production readiness", "hardening pass", "test coverage review", "error handling audit", "pre-release check", or wants to check code quality before release. argument-hint: "[area to review]" disable-model-invocation: true
QA Hardening
Requires: Claude Code Agent Teams feature.
Production readiness review with 4 specialists: test health auditor, error handling auditor, security auditor, and edge case hunter.
Arguments: $ARGUMENTS
Instructions
-
Parse arguments (optional):
--members hana,kali-> Only spawn these specific agents (by first name)- No arguments -> spawn all 4 agents
- Any other text -> use as the context/focus for the review
-
Determine context: The area to review, specific concerns, or scope of analysis. If no context is obvious, ask the user what they'd like hardened.
-
Launch the team: Call the Mira
launchMCP tool to get agent specs:launch(team="qa-hardening-team", scope=user_context, members="hana,kali" or omit for all)The
membersparameter is only needed if the user passed--members. Thescopeparameter should describe the review focus. -
Create the team:
TeamCreate(team_name=result.data.suggested_team_id) -
Create and assign tasks: For each agent in
result.data.agents:TaskCreate(subject=agent.task_subject, description=agent.task_description) TaskUpdate(taskId=id, owner=agent.name, status="in_progress") -
Spawn agents: For each agent in
result.data.agents, use theTasktool:Task( subagent_type="general-purpose", name=agent.name, model=agent.model, team_name=result.data.suggested_team_id, prompt=agent.prompt + "\n\n## Context\n\n" + user_context, run_in_background=true )Spawn all agents in parallel (multiple Task calls in one message).
IMPORTANT: Do NOT use
mode="bypassPermissions"-- these are read-only discovery agents. IMPORTANT: Always pass model="sonnet" to the Task tool. This ensures read-only agents use a cost-efficient model. -
Wait for findings: All agents will send their findings via SendMessage when complete.
-
Synthesize findings: Combine all findings into a prioritized hardening backlog:
- Critical -- Must fix before release (panics in production paths, security holes, data loss)
- High -- Should fix before release (poor error messages, resource leaks, missing validation)
- Medium -- Fix soon after release (coverage gaps, edge cases, docs drift)
- Low -- Polish (naming consistency, minor UX, nice-to-have tests)
- Deferred -- Needs design discussion (architectural changes, large refactors)
Cross-reference findings -- when multiple agents flag the same area, elevate priority.
-
Cleanup: Send
shutdown_requestto each teammate, then callTeamDelete.
Want findings implemented?
After presenting the hardening backlog, ask the user if they want fixes implemented. If yes, use launch(team="implement-team", scope=approved_items) to get implementation agent specs, then spawn Kai for planning, parallel fixers for execution, and Rio for verification.
Examples
/mira:qa-hardening
-> Prompts for what to review, then spawns all 4 agents
/mira:qa-hardening Review the recipe system
-> All 4 agents review the recipe code for production readiness
/mira:qa-hardening --members kali,orin
-> Only spawns Kali (security) and Orin (error-handling)
Agent Roles
| Name | Role | Focus |
|---|---|---|
| Hana | Test Health Auditor | Test suite health, coverage gaps, build quality |
| Orin | Error Handling Auditor | Panic paths, error messages, recovery |
| Kali | Security Auditor | Input validation, data exposure, auth bypass |
| Zara | Edge Case Hunter | Boundary conditions, concurrency, resource exhaustion |
Source
git clone https://github.com/ConaryLabs/Mira/blob/main/plugin/skills/qa-hardening/SKILL.mdView on GitHub Overview
QA Hardening runs a production readiness review with four specialists—Hana (Test Health Auditor), Orin (Error Handling Auditor), Kali (Security Auditor), and Zara (Edge Case Hunter). It parses the requested focus, launches a dedicated review team, and outputs a prioritized backlog of findings to fix before release. This helps catch coverage gaps, resilience issues, and security risks prior to deployment.
How This Skill Works
The skill parses the review scope and optional arguments, launches a qa-hardening-team via Mira's MCP, creates a Team and per-agent tasks, then spawns all agents in parallel using the read-only sonnet model. Each agent reports findings which are synthesized into a prioritized backlog with categories: Critical, High, Medium, Low, and Deferred for release readiness decisions.
When to Use It
- Before releasing a new feature or service to production to validate production readiness
- When you need a formal QA review focusing on test health, coverage gaps, and build quality
- To audit error handling paths, panic paths, and user-facing error messages
- To perform a security audit of inputs, data exposure, and auth bypass risks
- To surface edge cases and concurrency issues in boundary conditions
Quick Start
- Step 1: Invoke QA Hardening (e.g., /mira:qa-hardening) to start the review
- Step 2: Optionally constrain agents with --members or supply a specific scope context
- Step 3: Review the synthesized backlog and decide on fixes or proceed to an implementation phase
Best Practices
- Clearly define the scope or focus area before launching the review
- Use --members to limit the team to the necessary specialists for the review
- Provide a concise context for the review so agents can focus effectively
- Cross-reference findings across agents to elevate overlapping risks to higher priority
- Maintain a ready backlog with clear remediation owners and timelines
Example Use Cases
- Review production readiness of a new payments module before launch
- Audit a REST API for error handling and resilience under failure conditions
- Hardening a user authentication flow to reduce risk of credential exposure
- Check test coverage gaps in a microservice prior to deployment
- Assess edge cases and concurrency in an order-processing workflow
