Kanban Board
The Kanban board is not just a bug tracker — it is seeded proactively before any test runs, populated with strategic tasks derived from the Project Intelligence analysis.
Proactive Seeding (Phase 0)
When a session starts, OpenQA runs its intelligence analysis first. The moment domain, risk level, and regulations are known, the Kanban is populated automatically — without waiting for bugs to surface:
Mandatory Check Tickets
One ticket per OWASP/regulatory check selected for the detected domain. Critical checks go to To Do, medium/low to Backlog. Each ticket includes the OWASP reference (e.g. A03:2021).
Improvement & Compliance Suggestions
Architecture improvements, tech-debt, missing tests, and performance targets derived from the project profile.
QA Strategy Meta-Ticket
A single ticket summarising domain, risk, regulations, critical paths, testing depth, and estimated session time. The team's QA brief at a glance.
Live Findings (during session)
As the agent runs, every bug or anomaly found is recorded as a new ticket. Duplicates are automatically skipped.
Board Columns
Backlog
Medium/low priority checks, improvement ideas, tech-debt
To Do
Critical/high security & compliance tasks, confirmed bugs
In Progress
Being worked on by the team
Done
Resolved and verified
Ticket Categories
Each ticket has a category tag that drives how it is prioritised:
API Access
1# Get all tickets2curl http://localhost:3000/api/kanban/tickets3 4# Create a ticket5curl -X POST http://localhost:3000/api/kanban \6 -H "Content-Type: application/json" \7 -d '{8 "title": "Add rate limiting to /api/auth/login",9 "description": "Brute-force protection missing on login endpoint",10 "priority": "high",11 "column": "to-do",12 "type": "task",13 "tags": "security,owasp-a07"14 }'15 16# Move ticket to in-progress17curl -X PATCH http://localhost:3000/api/kanban/tickets/ticket_001 \18 -H "Content-Type: application/json" \19 -d '{"column": "in-progress"}'20 21# Delete ticket22curl -X DELETE http://localhost:3000/api/kanban/ticket_001