vault backup: 2026-04-29 12:43:08

99 Daily/2026-04-29.md

@@ -146,3 +146,9 @@ tags: [daily]
 - 12:34 | `ford_qc`
   - **Asked:** Check series image accounting using SE# and ABM WERS codes to verify all series are covered.
   - **Done:** Identified and removed duplicate ambl2se#r1 image linking while retaining series image; restarted ford-qc-hotfolder.service dev environment.
+- 12:41 (<1min) | `memory-compiler`
+  - **Asked:** Asked to compile a raw article into the wiki knowledge base with proper indexing.
+  - **Done:** Updated the master index and topic index to include the new `.claude` folder configuration article.
+- 12:42 (<1min) | `memory-compiler`
+  - **Asked:** Asked | Compile a new wiki article on web app testing into the knowledge base
+  - **Done:** Done | Created structured testing topic with guide article, topic index, and updated master index

wiki/_master-index.md

@@ -31,9 +31,11 @@ This 3-hop pattern works for hundreds of articles without vector search.
 | [[wiki/dotfiles/_index\|dotfiles/]] | Linux terminal ricing: Kitty, Fish, WezTerm CLI, modern Rust CLI tools, LazyVim, unified themes, Tabby | 21 |
 | [[wiki/agent-sdk/_index\|agent-sdk/]] | Claude Agent SDK (formerly Claude Code SDK) — build autonomous AI agents in Python and TypeScript | 30 |
 | [[wiki/llm-models/_index\|llm-models/]] | LLM model catalogs — OpenAI and Claude/Anthropic models, IDs, context, pricing | 2 |
-| [[wiki/claude-code/_index\|claude-code/]] | Claude Code product docs — install, capabilities, surfaces, MCP, hooks, scheduling, multi-agent, plugins, skills, channels, error recovery | 12 |
+| [[wiki/claude-code/_index\|claude-code/]] | Claude Code product docs — install, capabilities, surfaces, MCP, hooks, scheduling, multi-agent, plugins, skills, channels, error recovery | 13 |
 | [[wiki/reports/_index\|reports/]] | Weekly and monthly summaries — generate: `uv run python scripts/report-generator.py --weekly` | 1 |
 | [[wiki/infrastructure/_index\|infrastructure/]] | Server inventory: all 10 SSH hosts — optical, optical-dev, optical-prod, baic, librechat, modocmms, box-cli, aimpress, pve | 10 |
 
+| [[wiki/testing/_index\|testing/]] | Web app testing: functional, performance, security, UI types; TDD/BDD/Agile methodologies; Selenium/Cypress/Playwright/JMeter/OWASP ZAP tools | 1 |
+
 <!-- New topic folders added here automatically as they are created -->
 <!-- Format: | [[wiki/topic/_index\|topic/]] | One-line description | N articles | -->

wiki/claude-code/_index.md

@@ -26,3 +26,4 @@ Claude Code is Anthropic's agentic coding assistant. Works across terminal, IDE,
 | [[wiki/claude-code/headless-cli\|headless-cli]] | Run Claude Code non-interactively via `-p` flag: bare mode, structured output, streaming, tool approval, conversation resumption | raw/Run Claude Code programmatically.md | 2026-04-17 |
 | [[wiki/claude-code/scheduled-tasks\|scheduled-tasks]] | /loop, CronCreate/List/Delete tools, fixed vs dynamic intervals, loop.md, one-time reminders, jitter, 7-day expiry, scheduling options compared | raw/Run prompts on a schedule.md | 2026-04-17 |
 | [[wiki/claude-code/troubleshooting\|troubleshooting]] | Install errors quick-ref, PATH/proxy/TLS fixes, platform issues (Linux/macOS/Windows/WSL), auth problems, performance, IDE integration | raw/Troubleshooting.md | 2026-04-17 |
+| [[wiki/claude-code/dot-claude-folder\|dot-claude-folder]] | Full .claude folder reference: CLAUDE.md, hooks, skills, agents, commands, plugins, rules, .mcp.json — the mental model (advisory vs deterministic vs on-demand) | raw/Claude md folder.md | 2026-04-29 |

wiki/testing/_index.md

@@ -0,0 +1,7 @@
+# Testing — Topic Index
+
+Software testing theory, methodologies, tools, and practices for web applications.
+
+| Article | Summary | Source | Updated |
+|---------|---------|--------|---------|
+| [[wiki/testing/web-app-testing-guide\|Web App Testing Guide]] | Functional, performance, security, UI testing types; TDD/BDD/Waterfall/Agile methodologies; Selenium/Cypress/Playwright/JMeter/OWASP ZAP tool comparison | workspace.ru | 2026-04-29 |

wiki/testing/web-app-testing-guide.md

@@ -0,0 +1,168 @@
+---
+title: "Web Application Testing — Comprehensive Guide"
+aliases: [web-testing, webapp-testing, тестирование-веб-приложений]
+tags: [testing, qa, selenium, playwright, cypress, security, performance, tdd, bdd]
+sources: [raw/Подробное руководство по тестированию веб-приложений.md]
+created: 2026-04-29
+updated: 2026-04-29
+---
+
+## Overview
+
+Testing is not a "final check" — it's an integral part of development. Web apps differ from desktop apps: multi-layer architecture, network dependency, cross-browser/device matrix, and public internet exposure all demand systematic testing.
+
+---
+
+## Types of Testing
+
+### Functional Testing
+
+| Area | What to Check |
+|------|--------------|
+| User flows | Registration, login, search, checkout, account management |
+| Forms & input | Validation, data types, bad input handling |
+| Business logic | Calculations, rules, exception handling |
+| Integrations | Payment APIs, partner APIs, analytics, delivery services |
+
+### Performance Testing
+
+| Type | Goal | Business Value |
+|------|------|---------------|
+| Load | Normal user count | Daily usability |
+| Stress | Exceeding normal load | Black Friday readiness |
+| Volume | Large data sets | Scalability at growth |
+| Stability | Long-running without degradation | 24/7 reliability |
+
+### Security Testing
+
+Key attack vectors to test per **OWASP Top 10**:
+
+- **SQL Injection** — malicious SQL via input fields → test all inputs with special chars/SQL commands
+- **XSS (Cross-Site Scripting)** — injected JS executing in browser → check all user-input reflection
+- **CSRF** — forced user actions → verify CSRF tokens and request origin validation
+- **Man-in-the-Middle** — traffic interception → verify HTTPS and certificate correctness
+- **Auth/Authz weaknesses** — session management, access control, privilege escalation
+
+Also check: data encryption, PII handling, regulatory compliance (GDPR etc.)
+
+### UI Testing
+
+- **Cross-browser** — same behavior in Chrome, Firefox, Safari, Edge
+- **Responsive** — correct layout across screen sizes (mobile-first matters)
+- **Usability** — intuitive navigation, clear controls
+- **Accessibility (a11y)** — semantic HTML, screen reader support, keyboard navigation, color contrast, font scaling
+
+---
+
+## Methodologies
+
+### Waterfall vs Agile
+
+| Approach | When Testing Happens | Best For |
+|----------|---------------------|----------|
+| Waterfall | End of dev cycle | Stable, well-defined requirements |
+| Agile/Iterative | Every sprint | Evolving requirements, fast feedback |
+
+### TDD — Test-Driven Development
+
+Cycle: **Red → Green → Refactor**
+1. Write a failing test
+2. Write minimal code to pass it
+3. Refactor without breaking tests
+
+Benefits: better architecture, high coverage, confidence when changing code.
+
+### BDD — Behavior-Driven Development
+
+Uses natural language: **Given / When / Then**
+- Bridges communication gap between devs, QA, and business
+- Tests become living documentation
+
+### Risk-Based Testing
+
+When resources are limited, prioritize by **probability × business impact**:
+- High-risk areas → thorough coverage
+- Medium-risk → standard methods
+- Low-risk → sampling
+
+---
+
+## Tools
+
+### UI Automation
+
+| Tool | Strengths | Weaknesses |
+|------|-----------|-----------|
+| **Selenium** | Multi-language, multi-browser, mature ecosystem | Complex setup, steep learning curve |
+| **Cypress** | Simple DX, great debugging | Chrome-based only (mostly) |
+| **Playwright** | True cross-browser (Chrome/Firefox/Safari), modern API | Newer, smaller ecosystem |
+
+### API Testing
+- **Postman** — manual/exploratory API testing
+- **REST Assured** — Java-based API automation
+
+### Load Testing
+- **JMeter** — open source, widely used
+- **k6** — modern, JS-based, CI-friendly
+- **Artillery** / **Gatling** — alternatives for smaller projects
+
+### Security Testing
+- **OWASP ZAP** — free, good for baseline scanning
+- **Burp Suite** — professional-grade, expert features
+
+### Test Management
+- **TestRail**, **Xray**, **Azure DevOps** — plan, track, report, link to requirements
+
+### Cloud Cross-Browser
+- **BrowserStack**, **Sauce Labs** — access hundreds of browser/device combos without owning hardware
+
+---
+
+## Dynamic Content Testing
+
+- **AJAX** — use explicit waits, test loading states, test network error handling
+- **WebSockets** — test connection establishment, message types, graceful disconnect
+
+## Microservices Test Environment
+
+- Use **Docker + Docker Compose** for isolated per-service environments
+- **Service mocking** for unavailable dependencies
+- **Contract testing** to verify inter-service interfaces
+
+## Bug Report Template
+
+A good bug report must include:
+1. Clear problem description
+2. Step-by-step reproduction
+3. Screenshot or video
+4. Environment (browser, OS, app version)
+5. Expected vs actual behavior
+6. User impact
+7. Labels/categories
+
+---
+
+## Key Takeaways
+
+- Testing is part of development, not after it — early detection is 10× cheaper than late fixes
+- Web apps need functional + performance + security + UI testing as a minimum
+- OWASP Top 10 is the checklist for security testing
+- TDD → better architecture; BDD → better team communication
+- Tool choice depends on team expertise and project needs — Playwright is the modern default for UI automation
+- Cross-browser and mobile testing can be outsourced to BrowserStack/Sauce Labs cheaply
+- For microservices: Docker Compose + service mocking + contract testing
+- Risk-based testing helps when you can't test everything
+
+---
+
+## Related
+
+- [[wiki/tech-patterns/_index|Tech Patterns]] — FastAPI, React, Next.js stacks that need testing
+- [[wiki/architecture/_index|Architecture]] — Docker Compose, microservices patterns
+- [[wiki/concepts/_index|Concepts]] — atomic knowledge from dev sessions
+
+---
+
+## Sources
+
+- [Подробное руководство по тестированию веб-приложений](https://workspace.ru/blog/podrobnoe-rukovodstvo-po-testirovaniyu-veb-prilozheniy/) — workspace.ru, 2025-06-27