# Scenario Workflow — $autoresearch scenario Scenario-driven use case generator that autonomously explores situations, edge cases, failure modes, and derivative scenarios from a seed scenario. Doesn't stop at obvious paths — iteratively discovers what could go wrong, what's missing, and what nobody thought of. **Core idea:** Seed scenario in → Decompose into dimensions → Generate situations → Classify (new/duplicate/variant) → Expand edge cases → Log → Repeat. Every iteration explores one unexplored combination. ## Trigger - User invokes `$autoresearch scenario` - User says "explore scenarios", "generate use cases", "what could go wrong", "stress test this feature", "edge cases for", "what are all the ways this could fail" - User wants to enumerate situations for a feature, workflow, or system ## Loop Support ``` # Unlimited — keep generating scenarios until interrupted $autoresearch scenario # Bounded — exactly N exploration iterations $autoresearch scenario Iterations: 25 # Focused scope $autoresearch scenario Scenario: User attempts to checkout with multiple payment methods Domain: software Depth: deep ``` ## PREREQUISITE: Interactive Setup (when invoked without scenario) **CRITICAL — BLOCKING PREREQUISITE:** If `$autoresearch scenario` is invoked without a scenario description, you MUST use direct prompting to gather context BEFORE proceeding to ANY phase. DO NOT skip this step. DO NOT jump to Phase 1 without completing interactive setup. **TOOL AVAILABILITY:** direct prompting may be a deferred tool. If calling it fails or the schema is not available, you MUST use `ToolSearch` to fetch the direct prompting schema first, then retry. NEVER skip interactive setup because of a tool fetch issue — resolve the tool availability, then ask the questions. The question count adapts (4-8) based on what context is already provided: **Adaptive question selection rules:** - No input at all → ask all 8 questions - Vague scenario only (≤5 words OR no verb/action) → ask questions 2-8 (skip 1) - Clear scenario (>5 words AND contains actor + action), no domain → ask questions 2, 4, 5, 6, 7 (5 questions) - Clear scenario + domain (via `--domain` flag or explicit domain keyword like "API", "auth", "UX") → ask questions 4, 6, 7, 8 (4 questions) **Classification examples:** - "checkout" → **vague** (1 word, no actor, no action) - "API rate limiting" → **vague** (no actor, no verb) - "User resets password" → **clear** (actor=User, action=resets, object=password) - "Admin deploys to production with rollback" → **clear + domain=software** (skip to 4 questions) You MUST call direct prompting with the selected questions in ONE batched call: | # | Header | Question | When to Ask | Options | |---|--------|----------|-------------|---------| | 1 | `Scenario` | "Describe the scenario you want to explore" | If not provided inline | Free text input | | 2 | `Domain` | "What domain is this scenario in?" | If not obvious from scenario | "Software/API (code paths, error handling)", "Product/UX (user journeys, accessibility)", "Business/Process (workflows, approvals, compliance)", "Security/Compliance (threats, access control, data)", "Marketing/Sales (campaigns, funnels, conversions)", "Custom (I'll describe)" | | 3 | `Actors` | "Who are the key actors/users in this scenario?" | If scenario doesn't mention actors | Detected from codebase/scenario + "End user", "Admin", "System/API", "External service", "Multiple (I'll list)" | | 4 | `Goal` | "What's your primary goal for exploring this scenario?" | If intent is unclear | "Find edge cases and boundary conditions", "Generate test scenarios (Given/When/Then)", "Explore all user journeys and paths", "Stress test — find what breaks under pressure", "Map failure modes and recovery paths", "All of the above" | | 5 | `Constraints` | "Any constraints or boundaries I should respect?" | If no scope or limits mentioned | "Technical limitations (infra, performance)", "Business rules (policies, SLAs)", "Regulatory/compliance requirements", "Time/resource constraints", "None — explore freely" | | 6 | `Depth` | "How deep should I explore?" | Always | "Shallow scan (10 iterations — quick overview)", "Standard exploration (25 iterations — recommended)", "Deep investigation (50+ iterations — comprehensive)", "Unlimited — keep going until interrupted" | | 7 | `Output` | "What output format is most useful?" | If domain doesn't make it obvious | "Use cases (Given/When/Then format)", "User stories (As a... I want... So that...)", "Test scenarios (input → expected → actual)", "Threat scenarios (attacker goal → vector → impact)", "Mixed — all applicable formats" | | 8 | `Focus` | "Any specific area to stress test first?" | If scenario is broad | Suggested areas from scenario analysis + "Happy path first, then edge cases", "Jump straight to failure modes", "Explore everything equally" | **IMPORTANT:** You MUST batch ALL selected questions into a SINGLE direct prompting call. NEVER ask questions one at a time — users need full context to make informed decisions together. If direct prompting only supports one question per call, include all questions in a single call with numbered headers. ## Architecture ``` $autoresearch scenario ├── Phase 1: Seed — Capture, parse, and analyze the scenario ├── Phase 2: Decompose — Break into exploration dimensions ├── Phase 3: Generate — Create ONE new situation ├── Phase 4: Classify — New? Valuable? Duplicate? ├── Phase 5: Expand — Derive edge cases, what-ifs, failure modes ├── Phase 6: Log — Record to scenario-results.tsv └── Phase 7: Repeat — Next unexplored dimension/combination ``` ## Inline Context Parsing Rules When the user provides arguments inline, parse them in this order (flags take precedence over positional text): 1. **Flags first:** Extract `--domain`, `--depth`, `--scope`, `--format`, `--focus`, `--iterations` (or `Iterations:` inline config) 2. **Scenario text:** Everything that isn't a flag or `Iterations:` config is the scenario description 3. **`Scenario:` prefix:** If text starts with `Scenario:`, strip the prefix 4. **Flag order doesn't matter:** `--domain software User resets password` = `User resets password --domain software` 5. **Conflict resolution:** If `--depth shallow` is set but `Iterations: 50` is also set, `Iterations:` wins (explicit iteration count overrides depth presets) **Skip setup entirely when:** Scenario text is "clear" (>5 words with actor+action) AND at least `--domain` or `--depth` is provided. Proceed directly to Phase 1. ## Cancel & Interruption Handling - If user selects "Cancel" in any direct prompting response → exit cleanly with message: "Scenario exploration cancelled. Run `$autoresearch scenario` again when ready." - If user answers only some questions and stops responding → treat answered questions as config, ask remaining questions in a follow-up call - If Ctrl+C during setup → no state persisted, clean restart on re-invocation ## Phase 1: Seed — Capture & Analyze Scenario **STOP: Have you completed the Interactive Setup above?** If invoked without scenario/flags, you MUST complete the direct prompting call above BEFORE entering this phase. Parse the scenario and build a structured understanding. **Extract from scenario:** - Primary actor(s) and their roles - Goal/objective of the scenario - Preconditions (what must be true before) - Postconditions (expected outcomes) - System components involved - Data flows and transformations - External dependencies **If codebase context exists:** - Read relevant source files mentioned in or related to the scenario - Identify API routes, database models, UI components involved - Map the technical implementation to the scenario description **Output:** `✓ Phase 1: Seed analyzed — [N] actors, [M] components, [K] preconditions identified` ## Phase 2: Decompose — Break Into Exploration Dimensions Map the scenario into exploration dimensions. Each dimension represents a category of situations to generate. **Scenario Dimensions:** | Dimension | Description | Exploration Focus | |-----------|-------------|-------------------| | **Happy path** | Normal successful flow | All steps complete as expected | | **Error path** | Expected, handled failures | Validation errors, business rule violations | | **Edge case** | Boundary conditions | Min/max values, empty inputs, unicode, huge payloads | | **Abuse/misuse** | Adversarial or unintended behavior | Injection, privilege escalation, rate abuse | | **Scale** | High volume/load scenarios | Concurrent users, large datasets, burst traffic | | **Concurrent** | Race conditions and ordering | Simultaneous edits, distributed locks, eventual consistency | | **Temporal** | Time-dependent behavior | Timeouts, expiry, scheduling, timezone edge cases | | **Data variation** | Different input types and formats | Null, empty, unicode, special chars, max length | | **Permission** | Access control and authorization | Role escalation, shared resources, delegation | | **Integration** | External system interactions | API failures, timeouts, malformed responses, version mismatches | | **Recovery** | System resilience | Crash recovery, retry logic, data consistency after failure | | **State transition** | Object lifecycle | Invalid state transitions, partial updates, rollback | **Dimension prioritization:** 1. Start with happy path (baseline understanding) 2. Error paths (most common real-world issues) 3. Edge cases (where bugs hide) 4. Domain-specific dimensions (security → abuse, product → UX, etc.) **Output:** `✓ Phase 2: Decomposed — [N] dimensions active, [M] exploration vectors identified` ## Phase 3: Generate — Create ONE New Situation Pick the highest-priority unexplored dimension/combination and generate a concrete situation. **Situation format:** ```markdown ### [DIMENSION] Situation: [descriptive title] **Actors:** [who is involved] **Precondition:** [what must be true] **Trigger:** [what action initiates this] **Flow:** 1. [step 1] 2. [step 2] 3. [step N] **Expected outcome:** [what should happen] **What could go wrong:** [potential failure points] **Severity:** [Critical/High/Medium/Low — impact if this fails] ``` **Generation strategies:** | Strategy | When to Use | Method | |----------|-------------|--------| | **Dimension walk** | Early iterations | Pick next unexplored dimension, generate vanilla situation | | **Combination** | Mid iterations | Combine 2 dimensions (e.g., edge case + concurrent) | | **Negation** | When stuck | Take a happy path step, negate it ("what if this fails?") | | **Amplification** | Deep exploration | Take existing situation, amplify one parameter to extreme | | **Persona shift** | Coverage gaps | Same scenario, different actor (admin vs user vs attacker) | | **Temporal shift** | After basics covered | Same scenario at different times (peak load, maintenance window, first use) | **Rules:** - ONE situation per iteration (atomic — evaluate before generating more) - Must be concrete and specific (not vague "something goes wrong") - Must include at least one verifiable expected outcome ## Phase 4: Classify — Evaluate & Deduplicate Before keeping a generated situation, classify it: | Classification | Criteria | Action | |----------------|----------|--------| | **New** | Not covered by any existing situation | KEEP — add to scenarios | | **Variant** | Similar to existing but meaningfully different | KEEP — add as sub-scenario | | **Duplicate** | Already covered by existing situation | DISCARD — log as "duplicate of #N" | | **Out of scope** | Doesn't match the seed scenario | DISCARD — log as "out of scope" | | **Low value** | Technically possible but unrealistic | DISCARD — log as "low value" | **Deduplication check:** - Compare against ALL previously generated situations - Check for semantic similarity, not just text matching - A situation with different actors but identical flow is a variant, not new ## Phase 5: Expand — Edge Cases & Stress Tests For each KEPT situation, derive additional scenarios: **Expansion techniques:** | Technique | Description | Example | |-----------|-------------|---------| | **What-if** | Change one variable | "What if the network drops mid-transaction?" | | **Boundary** | Push values to limits | "What if quantity = 0? -1? MAX_INT?" | | **Interruption** | Inject failure mid-flow | "What if power loss occurs at step 3?" | | **Ordering** | Change sequence | "What if step 2 happens before step 1?" | | **Missing data** | Remove expected input | "What if the required field is null?" | | **Stale data** | Use outdated information | "What if the cached price changed 5 minutes ago?" | **For each expansion:** - Generate as sub-scenario under the parent situation - Mark with severity (Critical/High/Medium/Low) - Note if it maps to a known bug pattern ## Phase 6: Log — Record Everything **Append to scenario-results.tsv:** ```tsv iteration dimension classification severity title description parent 1 happy_path new - Successful checkout User completes standard checkout flow - 2 error_path new HIGH Payment declined Card rejected during checkout - 3 edge_case new MEDIUM Empty cart checkout User clicks checkout with 0 items - 4 edge_case variant LOW Single-item cart User checks out with exactly 1 item #1 5 concurrent new CRITICAL Double-submit User clicks pay twice rapidly - 6 abuse new CRITICAL Price manipulation User modifies price client-side - ``` **Every 5 iterations, print progress:** ``` === Scenario Progress (iteration 15) === Scenarios generated: 12 (8 new, 3 variants, 1 discarded) Dimensions covered: 7/12 (58%) Edge cases found: 18 Severity breakdown: 2 Critical, 4 High, 8 Medium, 4 Low Coverage gaps: scale, temporal, recovery — unexplored ``` ## Phase 7: Repeat — Next Exploration Vector **Prioritization for next iteration:** 1. Unexplored dimensions with highest expected severity 2. Combinations of dimensions not yet tested together 3. Expansions of high-severity situations 4. Domain-specific patterns not yet covered 5. Coverage gaps identified in progress summary **When to stop (unbounded mode):** - Never stop automatically — user interrupts - Print "diminishing returns" warning after 5 iterations with no new unique situations **When to stop (bounded mode):** - After N iterations, print final summary and stop ## Flags | Flag | Purpose | |------|---------| | `--domain ` | Set domain context (software, product, business, security, marketing) | | `--depth ` | Set exploration depth (shallow=10, standard=25, deep=50+) | | `--scope ` | Limit to specific files/features for codebase-aware generation | | `--format ` | Output format (use-cases, user-stories, test-scenarios, threat-scenarios, mixed) | | `--focus ` | Prioritize specific dimension (edge-cases, failures, security, scale) | | `--chain ` | Chain to downstream tool(s) after completion. Comma-separated for multi-chain. Spaces after commas tolerated. | ## Composite Metric For bounded loops, scenario exploration thoroughness: ``` scenario_score = scenarios_generated * 10 + edge_cases_found * 15 + (dimensions_covered / total_dimensions) * 30 + unique_actors_explored * 5 + (high_severity_found * 3) ``` Higher = more thorough. Incentivizes breadth (cover dimensions) AND depth (find edge cases). ### Chain Conversion #### `--chain debug` Each high-risk scenario (Critical or High severity) becomes a hypothesis for the debug investigation loop. Scope is derived from the files mentioned in or related to each scenario. ``` $autoresearch debug Scope: {files from scenario scope or codebase map} Symptom: scenarios predict high-risk failure modes — {N} hypotheses queued Hypotheses: H-01 [CRITICAL] {scenario title} — {trigger description} H-02 [HIGH] {scenario title} — {trigger description} ``` #### `--chain fix` Edge case failures and failure mode scenarios become fix targets sorted by severity. ``` $autoresearch fix Target: {top Critical/High scenario title} Scope: {file paths related to failure scenarios} ``` #### `--chain security` Threat scenarios and abuse-dimension findings feed the security audit focus areas. ``` $autoresearch security Scope: {files from abuse/permission/data_variation scenarios} Focus: threat scenarios from exploration: {comma-separated scenario titles} ``` #### `--chain predict` Scenarios become the goal for multi-persona swarm impact analysis — "what broader impact do these scenarios predict." ``` $autoresearch predict Scope: {file paths from scenario scope} Goal: predict broader impact of identified failure scenarios and edge cases ``` #### `--chain plan` Scenario findings become requirements for implementation planning — gaps and failure modes become planned features or hardening tasks. ``` $autoresearch plan Goal: address failure modes and edge cases uncovered by scenario exploration Source: scenario/{slug}/summary.md ``` #### `--chain learn` The full scenario tree is documented for codebase learning — future features can reference coverage gaps. ``` $autoresearch learn Topic: scenario coverage, edge cases, and failure modes Source: scenario/{slug}/scenarios.md ``` #### `--chain reason` Complex scenarios with no clear resolution become tasks for adversarial refinement. ``` $autoresearch reason Task: determine best handling strategy for complex/unresolved scenarios Evidence: scenario/{slug}/edge-cases.md ``` #### `--chain ship` Scenario coverage becomes a ship readiness gate — Critical failures block, High failures warn. ``` $autoresearch ship Gate: {FAIL if any unaddressed Critical scenarios, WARN if High scenarios unresolved} Blockers: {count of unaddressed Critical scenarios} ``` #### `--chain probe` Scenarios reveal requirement gaps — situations the system can't handle expose missing or ambiguous requirements. ``` $autoresearch probe Topic: requirement gaps revealed by scenario exploration Source: scenario/{slug}/summary.md ``` ### Multi-Chain Execution `--chain debug,fix,ship` executes sequentially: 1. Write `handoff.json` after scenario exploration completes 2. Launch `debug` with chain conversion above 3. After `debug` completes, convert debug findings + `handoff.json` → `fix` targets 4. After `fix` completes, convert fix session results → `ship` gate 5. Each stage's output feeds the next via updated `handoff.json` **Empirical evidence rule:** Downstream loop results ALWAYS override upstream scenario consensus. If debug disproves a scenario's predicted failure mode, the empirical finding wins — update the scenario report with `DISPROVEN by debug loop`. ## Output Directory Creates `scenario/{YYMMDD}-{HHMM}-{scenario-slug}/` with: - `scenarios.md` — all generated scenarios grouped by dimension, with full situation format - `use-cases.md` — formal use cases (Given/When/Then) derived from scenarios - `edge-cases.md` — edge cases and failure modes with severity ratings - `scenario-results.tsv` — iteration log - `summary.md` — executive summary with coverage matrix, dimension heatmap, recommendations ## Domain-Specific Templates When a domain is specified (or detected), load domain-specific dimension priorities: ### Software/API Domain **Priority dimensions:** error_path, edge_case, concurrent, integration, data_variation **Default format:** test-scenarios **Extra checks:** API contract violations, backward compatibility, idempotency ### Product/UX Domain **Priority dimensions:** happy_path, error_path, permission, temporal, state_transition **Default format:** user-stories **Extra checks:** Accessibility, mobile responsiveness, offline behavior, onboarding ### Business/Process Domain **Priority dimensions:** happy_path, error_path, permission, temporal, recovery **Default format:** use-cases **Extra checks:** Approval chains, SLA violations, audit trail, escalation paths ### Security/Compliance Domain **Priority dimensions:** abuse, permission, data_variation, integration, concurrent **Default format:** threat-scenarios **Extra checks:** OWASP Top 10 mapping, data exposure, privilege escalation, injection vectors ### Marketing/Sales Domain **Priority dimensions:** happy_path, data_variation, temporal, scale, state_transition **Default format:** user-stories **Extra checks:** A/B test interference, attribution edge cases, funnel drop-offs, localization ## Chaining Patterns ```bash # Explore scenarios, then hunt for bugs in those areas $autoresearch scenario Iterations: 25 $autoresearch debug --scope src/checkout/** Symptom: edge cases from scenario exploration # Explore, then security audit the weak spots $autoresearch scenario --domain security Iterations: 15 $autoresearch security --scope src/auth/** # Generate test scenarios, then use them to write tests $autoresearch scenario --format test-scenarios --domain software Iterations: 20 # Output can feed into test generation workflows ``` ## What NOT to Do — Anti-Patterns | Anti-Pattern | Why It Fails | |---|---| | **Generate 50 happy paths** | No value — one happy path reveals the baseline, then explore what breaks | | **Stay in one dimension** | Missing coverage — force dimension rotation after 3 consecutive same-dimension iterations | | **Vague situations** | "Something bad happens" is not a scenario — require specific trigger, flow, and outcome | | **Skip classification** | Duplicates waste iterations and inflate metrics without adding value | | **Ignore domain context** | A security scenario needs threat-focused dimensions, not UX-focused ones | | **Abstract without concrete** | "User might experience issues" — name the issue, the trigger, and the impact |