What it does
Maps what coverage exists per level/type for each in-scope item, audits the traceability chain for forward gaps and backward orphans, compares against risk_areas (critical/high must have layered coverage), detects inversions and missing negative/boundary/contract/non-functional cases, and outputs a risk-ranked gap table with counts.
When to use it
When you ask 'what's under-tested?' or want a coverage review against the risk register.
Prerequisites
qa.config.yml (paths.*, tooling.* toggles, gates, risk_areas) — stops if missing; an area/path, or empty to default to risk_areas.critical areas.
Output
Coverage/traceability gap analysis (contributes to the ISO/IEC/IEEE 29119-3 Test Status (Progress) Report, coverage dimension) -> report (prioritized gap table).
Mechanics
How it works
- Map what exists: which levels/types cover each feature/endpoint/journey in scope
- Audit the bidirectional traceability chain for forward gaps and backward orphans
- Compare against risk_areas — every critical/high area must have layered coverage
- Detect inversions and missing negative/authorization/boundary/contract/non-functional cases
- Assign a risk tier to each gap; output a prioritized gap table with a counts summary
Why it works
The theory behind it
Test monitoring (coverage) + analysis (CTFL v4.0 §5.3; §1.4.4 traceability). Counters the pesticide paradox (Principle 5) by surfacing what the current suite no longer protects; an absent gap does not prove an area is defect-free (Principle 1).
CTFL v4.0 §5.3 · §1.4.4 (traceability)
Example
See it in use
> /qa:review-coverage checkout✓ Correct when It names specific untested conditions/endpoints for checkout and ranks them by risk, reporting forward gaps and backward orphans with counts.