adaptive-enforcement-lab/testing-strategies
plugins/build/skills/testing-strategies/SKILL.md
Build confidence with comprehensive CLI testing. Unit tests catch logic bugs with fakes, integration tests verify API contracts, E2E tests validate workflows.
tools
Updated Mar 27, 2026
$ install --global
skillsauthnpx skillsauth add adaptive-enforcement-lab/claude-skills testing-strategiesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 29, 2026, 8:36 AM36.8s1 file scanned
SKILL.md
- name:
- testing-strategies
- description:
- >-
Testing Strategies
When to Use This Skill
A well-tested CLI uses different testing strategies at different levels. This section covers:
- Unit Testing - Fake clients and interface-based design
- Integration Testing - envtest and real API servers
- E2E Testing - Full workflow tests in CI/CD
Implementation
See the full implementation guide in the source documentation.
Key Principles
| Practice | Description |
| ---------- | ------------- |
| Interface first | Design for testability with interfaces |
| Table-driven tests | Cover edge cases systematically |
| Parallel tests | Use t.Parallel() where safe |
| Build tags | Separate integration tests with //go:build integration |
| Clean up | Always clean up test resources |
Test at the right level. Unit tests catch logic bugs. Integration tests catch API issues. E2E tests catch workflow bugs.
Techniques
Overview
A well-tested CLI uses different testing strategies at different levels. This section covers:
- Unit Testing - Fake clients and interface-based design
- Integration Testing - envtest and real API servers
- E2E Testing - Full workflow tests in CI/CD
Testing Pyramid
graph TB
E2E[E2E Tests<br/>Full workflow in real cluster]
Integration[Integration Tests<br/>Real API server with kind/envtest]
Unit[Unit Tests<br/>Fake clients and mock interfaces]
E2E --> Integration --> Unit
%% Ghostty Hardcore Theme
style E2E fill:#9e6ffe,color:#1b1d1e
style Integration fill:#65d9ef,color:#1b1d1e
style Unit fill:#a7e22e,color:#1b1d1e
Test Organization
myctl/
├── cmd/
│ ├── check.go
│ └── check_test.go # Command tests
├── pkg/
│ ├── k8s/
│ │ ├── client.go
│ │ ├── client_test.go # Unit tests with fakes
│ │ └── fake_client.go # Test doubles
│ └── selector/
│ ├── selector.go
│ └── selector_test.go
└── test/
├── e2e/ # E2E tests
└── fixtures/ # Test resources
Makefile Targets
.PHONY: test test-unit test-integration test-e2e
test: test-unit
test-unit:
go test -v -race ./...
test-integration:
go test -v -tags=integration ./pkg/...
test-e2e:
./test/e2e/run.sh
Best Practices
| Practice | Description |
| ---------- | ------------- |
| Interface first | Design for testability with interfaces |
| Table-driven tests | Cover edge cases systematically |
| Parallel tests | Use t.Parallel() where safe |
| Build tags | Separate integration tests with //go:build integration |
| Clean up | Always clean up test resources |
Test at the right level. Unit tests catch logic bugs. Integration tests catch API issues. E2E tests catch workflow bugs.
Examples
See examples.md for code examples.
References
- Source Documentation
- AEL Build
Related Skills
adaptive-enforcement-lab/workload-identity-federation-implementation
documentation
VerifiedTrustedCommunity
Workload Identity Federation implementation guide. GKE setup, IAM bindings, ServiceAccount configuration, migration from service account keys, and troubleshooting patterns.
SKILL.mdUpdated Mar 27, 2026
adaptive-enforcement-lab/workflow-trigger-security
development
VerifiedTrustedCommunity
Secure GitHub Actions trigger patterns for pull requests, forks, and reusable workflows. Preventing privilege escalation and code injection through trigger misconfiguration.
SKILL.mdUpdated Mar 27, 2026
adaptive-enforcement-lab/third-party-action-risk-assessment
development
VerifiedTrustedCommunity
Structured framework for evaluating GitHub Actions security before adoption. Trust tiers, risk assessment checklist, and decision tree for action evaluation.
SKILL.mdUpdated Mar 27, 2026
adaptive-enforcement-lab/storing-credentials
testing
VerifiedTrustedCommunity
Securely store GitHub App credentials across different environments. GitHub Actions secrets, external CI, Kubernetes, and automated rotation patterns.
SKILL.mdUpdated Mar 27, 2026