·

Prompt-driven test charters and session guides

Prompt-driven test charters and session guides

What Is a Test Charter and How Does AI Generate Better Ones?

A test charter is an exploration mission statement. In its canonical form, it follows the structure: "Explore [target] using [resources/techniques] to discover [information]." The charter doesn't specify exact steps — it defines scope, focus, and intent. It tells you where to start and what questions are worth answering, without scripting how to answer them.

Experienced exploratory testers write charters intuitively. The challenge is not whether they can write a good charter — they can. The challenge is how long it takes and how many angles get missed when a charter is written under the pressure of a sprint kickoff or a production incident response.

Why Human-Written Charters Often Underperform

When QA engineers write charters quickly from memory, several systematic gaps appear:

  • Recency bias: Recent bugs and familiar areas dominate; less-traveled parts of the application get shallow coverage
  • Feature-focused, not risk-focused: Charters describe what the feature does rather than where it can fail
  • Missing implicit quality attributes: Security, performance, accessibility, and logging are rarely captured in feature-focused charters
  • Single-persona thinking: The charter reflects the QA engineer's mental model of the user, not the full range of user archetypes
  • No cross-feature blast radius: A charter about Feature X rarely considers how Feature X interacts with Features A, B, and C

AI-generated charters address each of these systematically — because the AI has no recency bias, no familiarity assumptions, and explicitly applies quality attribute dimensions when prompted.

The Anatomy of an AI-Generated Charter

A high-quality AI charter contains five components:

  1. Mission statement: The traditional "Explore [X] to discover [Y]" framing
  2. Scope boundaries: What's in and what's out for this session
  3. Risk hypothesis: Why this area might fail — the underlying concern driving the exploration
  4. Suggested techniques: Heuristics, data variations, or interaction patterns suited to this target
  5. Stop conditions: What would signal the session is complete or should pivot

This is richer than most manually written charters. AI can generate this structure consistently across any number of charters in a fraction of the time manual authoring takes.

Prompt Pattern: Generating a Single Focused Charter

You are a senior QA engineer with deep expertise in exploratory testing.

Context:
- Feature: [Feature name and 2–3 sentence description]
- Recent change: [What changed in this sprint/PR]
- Platform: [Target platform]
- Session duration: [e.g., 60 minutes]

Generate a single focused exploratory testing charter in this format:
1. Mission statement (one sentence: "Explore [target] using [approach] to discover [information type]")
2. Scope: What is in scope for this session (3–5 bullets)
3. Out of scope: What should be deferred to another session
4. Risk hypothesis: Why this area might have defects given the recent change
5. Suggested techniques: 3–5 specific exploration techniques suited to this target
6. Stop conditions: What signals this session is complete or should pivot

Make the charter risk-aware and specific — not generic. Use the change description to ground
the risk hypothesis in what actually changed.

Generating a Suite of Charters for a Feature

For larger features, you want multiple charters covering different risk areas:

Generate a suite of 4 exploratory testing charters for the following feature.

Feature: [Feature description]
Known risk areas: [List any known concerns]
Platforms to cover: Web, iOS, Android

Requirements:
- Charter 1 should focus on functional correctness (happy paths and their variants)
- Charter 2 should focus on data edge cases and input validation
- Charter 3 should focus on cross-platform consistency and platform-specific behaviors
- Charter 4 should focus on error states, failure recovery, and degraded conditions

For each charter, include: mission, scope, risk hypothesis, and 3 suggested techniques.
Ensure charters don't overlap significantly — they should partition the risk space.

This "partitioned charter suite" approach ensures systematic coverage across sessions without redundancy.

Learning Tip: Generate a charter suite before each major feature exploration cycle, then map your actual session coverage against the charters afterward. Over time, this builds a coverage matrix showing which charter types you reliably execute and which you consistently deprioritize under time pressure. That self-knowledge is more valuable than any individual charter — it reveals your systematic blind spots as a tester.

How to Provide Feature Context So AI Generates Focused, Risk-Aware Charters?

Garbage in, garbage out. The quality of AI-generated charters is directly proportional to the quality of the context you provide. A vague feature description produces generic charters. Specific, risk-grounded context produces charters that read as if they were written by someone who knows the application deeply.

Context Layer 1: The Feature Spec or User Story

The spec is the baseline. Always include:
- The user goal the feature serves
- The acceptance criteria
- Any explicit business rules or constraints

But the spec alone is often insufficient — it describes intended behavior, not failure modes. You need additional layers.

Context Layer 2: The Code Change Description

The diff or PR description is the most underutilized input for charter generation. It tells you:
- What code paths were modified
- What dependencies were introduced or changed
- Whether the change touched authentication, data persistence, external integrations, or UI rendering

PR description to include in charter generation prompt:

"Refactored address validation logic to use a new third-party address verification API
(SmartyStreets). Previously, validation was client-side regex only. Now validation makes
a real-time API call on blur of the ZIP code field. Fallback to client-side validation
if the API call fails or times out (500ms timeout)."

This single paragraph tells a QA engineer with exploratory testing experience everything they need to generate a high-value charter: network dependency, timeout behavior, fallback logic, changed validation timing (on-blur vs. on-submit), and a new third-party integration.

Providing this to the AI produces dramatically better charters than providing the feature spec alone.

Context Layer 3: Historical Bug Patterns

Past bugs in the same area are a gold mine for charter generation:

Historical bugs in this area (last 6 months):
- BUG-1204: Address auto-complete suggestions showed stale results after session restore
- BUG-1156: ZIP code validation accepted 4-digit codes when 5 were required
- BUG-1089: API timeout during address validation caused form submission to hang indefinitely

Use these bug patterns to identify additional risk hypotheses for the charters.

AI will incorporate these patterns, adding exploration angles like "verify session restore doesn't retain stale validation state" and "test all timeout edge cases in the new fallback logic."

Context Layer 4: User Persona Variants

Different users hit different code paths. Providing persona context expands charter scope beyond the default "typical user" assumption:

Relevant user personas for this session:
- New user with no address history
- Returning user with 5+ saved addresses
- User who previously entered an address that the new API rejects as invalid
- User on a slow mobile connection (relevant to the 500ms timeout)
- User in a US territory (Puerto Rico ZIP codes have different format: 5+4 digit)

Including these personas in your charter generation prompt produces charters that explicitly include persona-specific exploration angles.

Full Context Prompt: Putting It Together

Generate a focused exploratory testing charter using the following context.

Feature spec:
[Paste spec here]

Code change (PR description):
[Paste PR description here]

Historical bugs in this area:
[Paste bug list here]

User personas to consider:
[List personas]

Platform: [Specify]
Session duration: 90 minutes

Charter requirements:
- Mission statement that reflects the specific risk introduced by this change
- Risk hypothesis grounded in the PR description, not just the spec
- Techniques that specifically target the new third-party API integration and timeout fallback
- Include at least one angle for each persona listed
- Flag the top 2 "most likely to find a bug" exploration angles based on the change

Output format: Mission | Scope | Risk Hypothesis | Techniques | Persona Angles | Top 2 Angles

Evaluating the Output — What to Accept and What to Fix

AI-generated charters require review before use. Look for:

Accept if:
- The risk hypothesis references the actual change (not generic risk statements)
- Techniques are concrete ("test the API timeout by simulating network latency with Charles Proxy") not vague ("test for errors")
- The mission statement specifies what kind of information you're seeking

Edit if:
- The charter is too broad for the stated session duration (90-minute charter shouldn't have 10 focus areas)
- Risk hypotheses are generic ("data may not save correctly") — push the AI for specificity
- Techniques are obvious ("test with valid inputs") — ask for edge-case-focused techniques specifically

Reject if:
- The charter ignores the change description entirely
- The mission statement is generic ("Explore the address form to find bugs")
- There's no identifiable risk hypothesis driving the session

Learning Tip: Build a personal library of "context templates" for your application domains. A template for "backend service change with new external dependency," "UI refactor with no logic change," and "new user-facing feature from scratch" will save you significant prompt construction time. Each template is simply a structured prompt with placeholders for the context layers described above. Three to five templates cover 80% of the charter generation scenarios you'll face.

How to Adapt AI-Generated Charters for Frontend, Backend, Mobile, and CTV?

A charter that's perfect for a web frontend session will miss the most important risk areas for an API or a CTV application. Each platform has a distinct failure mode profile. AI can generate platform-specific charters, but you need to direct it to the right risk areas for each discipline.

Frontend (Web) Charter Adaptations

Web frontend exploration should address layers that pure functional testing doesn't reach:

Platform-specific risk areas to include in your prompt:
- Cross-browser rendering inconsistencies (Chrome, Safari, Firefox, Edge)
- Responsive layout breakpoints and fluid resize behavior
- Accessibility: keyboard navigation, screen reader compatibility, focus management
- JavaScript error handling and graceful degradation
- Form behavior: autofill conflicts, browser validation vs. application validation
- Performance perception: layout shifts, time-to-interactive, loading state handling

Adapt the following charter for a web frontend session. Add exploration angles for:
1. Cross-browser inconsistencies likely for this component type
2. Responsive layout edge cases at standard breakpoints (320px, 768px, 1024px, 1440px)
3. Keyboard-only navigation through this feature
4. Any accessibility concerns raised by the HTML structure change described in the PR
5. Browser autofill interaction with the form fields

Original charter: [paste charter]
PR diff summary (HTML/CSS changes): [paste]

Backend / API Charter Adaptations

API exploration requires a different lens — the "UI" is the contract, and the failure modes are in data handling, authentication, concurrency, and error responses.

Platform-specific risk areas:
- HTTP status code correctness (not just 200/400/500 — edge cases like 422, 409, 429)
- Request/response schema validation (required fields, types, nullability)
- Authentication and authorization edge cases (expired tokens, scope boundary violations)
- Idempotency for POST/PUT operations
- Pagination edge cases (last page, empty result, out-of-bounds page)
- Rate limiting and quota behavior
- Concurrent request handling (race conditions on shared resources)

Adapt the following charter for API exploratory testing. The target is:
Endpoint: POST /api/v2/orders
Service: Order creation service
Change: New idempotency key header added (X-Idempotency-Key)

Add exploration angles for:
1. Idempotency key edge cases: missing key, duplicate key, expired key
2. Authorization boundary: user can only create orders for their own account
3. Concurrent requests with the same idempotency key
4. Malformed request bodies (missing required fields, wrong types, extra fields)
5. Rate limit behavior on burst submission (10 requests in 1 second)

Output the adapted charter with HTTP-specific techniques (curl examples, Postman, or direct
REST client instructions where useful).

Mobile Charter Adaptations (iOS and Android)

Mobile exploration addresses OS-level behaviors that web testers often miss:

Platform-specific risk areas:
- App state management: foreground/background/killed state transitions during key flows
- Push notification delivery in all app states
- Permissions: location, notifications, camera — grant, deny, revoke during a session
- Deep link handling: cold launch vs. warm launch
- Native keyboard vs. custom keyboard interference
- OS-level interruptions: phone call, low battery alert, system update notification
- Offline mode and sync behavior when connectivity resumes

Adapt the following charter for an iOS exploratory session.
Feature: Address auto-fill during checkout

Add mobile-specific angles for:
1. App backgrounding during the address API call (does it resume correctly?)
2. iOS system autofill conflict with the app's custom address field
3. Accessibility: VoiceOver navigation through the address form
4. Network switch from WiFi to cellular mid-session
5. Low memory condition handling (force the app to low memory by opening 5 large apps)

Note iOS 17 specific: Include testing of the new StandBy mode if the checkout flow
can be triggered via widget.

CTV Charter Adaptations (Fire TV, Roku, Apple TV)

CTV is often the platform with the shallowest existing charter libraries, making AI assistance particularly valuable here:

Platform-specific risk areas:
- D-pad focus management: focus trapping, lost focus, focus restoration after modal dismiss
- Deeplink navigation and back-stack correctness
- Remote control key mapping: Play/Pause/Fast Forward/Rewind during active forms
- Video playback integration with UI overlays
- Memory and performance under extended usage (2+ hour session)
- 4K HDR content switching and bandwidth adaptation
- Search keyboard (on-screen keyboard) usability and performance

Adapt the following charter for a Roku exploratory session.
Feature: Subscription upsell modal during video playback

Add CTV-specific angles for:
1. D-pad focus behavior when the modal appears over active playback
2. Remote Play/Pause button behavior while the modal is active
3. Selecting the CTA using OK/Select vs. pressing Play
4. Back button behavior from the modal (should resume playback, not navigate away)
5. Modal behavior when the content stream ends mid-display
6. Performance: modal render time during active 4K stream

Charter Adaptation Table: Key Dimensions by Platform

Dimension Web API iOS/Android CTV
Core focus Rendering, layout, interaction Contract, data, concurrency OS integration, state, permissions Remote nav, playback, memory
Most-missed area Accessibility, browser quirks Idempotency, rate limits Background state, notification states Focus management, remote key edge cases
Key technique Cross-browser comparison Contract validation, fuzzing Interrupt testing, permission cycling D-pad traversal mapping, long-session testing
AI most useful for Breakpoint generation, ARIA issues HTTP status matrix, auth edge cases Mobile-specific OS behaviors CTV-specific interaction patterns

Learning Tip: For each platform you test, build a "platform risk modifier" prompt snippet — a 5–10 line addition to any charter generation prompt that injects the platform's specific risk dimensions. Store these in a personal prompt library. When you receive a new charter generation task, pick the appropriate modifier and append it. This ensures platform coverage is never forgotten under time pressure, regardless of which platform you're targeting.

How Do You Use a Charter to Guide Exploration Without Over-Constraining It?

A charter is a compass, not a script. The most common mistake QA engineers make when adopting AI-generated charters is treating them as checklists to complete rather than missions to pursue. Over-constraining your exploration to "finish all the charter items" eliminates the serendipity that makes exploratory testing valuable.

The Tension: Focus vs. Flexibility

The charter exists to prevent aimless wandering. But once you're in the session, the most valuable discoveries often come from following an unexpected observation — something the charter didn't anticipate. The skill is knowing when to follow the charter and when to deviate.

Charter provides: Starting direction, risk-prioritized focus, suggested techniques
Session provides: Live observations that may redirect the mission

The charter shouldn't survive contact with an interesting anomaly unchanged. When you find something unexpected, you have three choices:
1. Note it and continue on charter: The anomaly is low-risk or irrelevant to your session goals
2. Pivot the session: The anomaly indicates a high-risk area worth deeper exploration now
3. Schedule a new charter: The anomaly warrants a dedicated follow-up session

Using AI to Decide Whether to Pivot

This is one of the most powerful real-time AI applications during exploration:

I'm in a session chartered to explore the address auto-fill feature under network degradation.
While testing, I noticed that the ZIP code field briefly flashes the previous session's ZIP
code value when the page loads — it's not populated, but it flickers. This happens
inconsistently (maybe 1 in 5 page loads).

Should I pivot to investigate this, or note it and stay on my network degradation charter?
What's the risk profile of this observation?

AI can help you evaluate: Is this a data leak from a previous session (high security risk)? Is it a rendering artifact (low risk)? What would you need to observe to distinguish between them? How long would pivoting likely take?

This kind of decision support keeps your judgment informed without requiring you to stop and think through everything from scratch.

Tracking Charter Coverage in Real Time

Keep a lightweight coverage log alongside your session notes:

CHARTER: Address auto-fill — network degradation focus

Covered:
✅ Slow network (throttled via DevTools): auto-fill suggestions load with delay, no error state
✅ Connection drop mid-suggestion-load: suggestions disappear, form remains usable
⬜ Timeout (500ms threshold): need to test with simulated 600ms latency
⬜ API down entirely: fallback to client-side regex validation — not yet tested

Deviations:
⚡ Found ZIP flicker on page load (1 in 5 loads) — new charter needed: session state persistence

Time remaining: 25 minutes

Paste this coverage log into your AI assistant at the midpoint:

Here is my current charter coverage status:
[paste coverage log]

I have 25 minutes left. Given what's covered and what's remaining, should I:
a) Finish the remaining charter items (timeout test + API-down fallback)
b) Investigate the ZIP flicker I found (potential data leak)
c) Something else based on the risk profile?

Help me make the best use of the remaining time.

When to Close a Charter vs. When to Keep Going

AI can also assist with the debrief decision — whether a charter is "done" or whether more session time would still yield discoveries:

I've completed a 90-minute session on the following charter: [paste charter]

Here are my findings: [paste summary]

Based on what I found, what areas of the charter are likely still incomplete?
Are there high-risk angles I might not have fully exercised that would warrant a follow-up session?

This prevents the common pattern of declaring coverage complete when the charter items were visited but not deeply exercised.

The Charter as a Communication Tool

AI-generated charters are also stakeholder communication artifacts. A charter tells product managers, developers, and engineering leads what the QA engineer is specifically investigating and why. This matters during risk conversations:

  • "We have three sessions planned: network resilience, data edge cases, and cross-platform consistency" is a more credible coverage communication than "I'm exploring the feature this week."
  • Charters with explicit risk hypotheses give developers a window into QA thinking — often prompting "Oh, I hadn't thought about that" conversations before a session even starts.

Generate a session summary at the end that references the charter:

Session debrief summary for the following charter: [paste charter]

Session notes: [paste notes]

Generate:
1. A summary of what was covered relative to the charter scope
2. Key findings (defects, risks, observations)
3. What was NOT covered (out of time or deferred)
4. Recommended follow-up charters based on gaps found
5. One-paragraph stakeholder summary suitable for a sprint review

Learning Tip: The best use of a charter is as a pre-session alignment tool and a post-session accountability tool. Use it to set expectations before the session ("here's what I'm investigating and why") and to report outcomes after ("here's what I found against what I planned"). This practice transforms exploratory testing from invisible craft work into a visible, communicable engineering activity — which matters enormously when you're making the case for more exploration time in a sprint.

Next Documenting and synthesizing exploratory findings