aj-geddes/testing
skills/testing/SKILL.md
Guides the user through test-first development and test strategy decisions. ALWAYS trigger on "write tests", "TDD", "test coverage", "mock", "test fails", "flaky test", "how to test", "unit test", "integration test", "e2e test", "test structure", "what to test", "test organization", "coverage report", "testing strategy", "arrange act assert". Use when writing new tests, choosing test types, setting up mocking, debugging flaky tests, improving coverage, or designing testable code. Different from qa-security agent which focuses on code review and security audits rather than test authoring.
$ install --global
skillsauthnpx skillsauth add aj-geddes/unicorn-team testingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 4:47 PM53.3s5 files scanned
SKILL.md
- name:
- testing
- description:
- >-
Testing Domain Skill
TDD Cycle: RED -> GREEN -> REFACTOR
- RED - Write a failing test. Must fail for the right reason.
- GREEN - Write minimum code to pass. No gold plating.
- REFACTOR - Improve design. Tests stay green.
# RED
def test_user_full_name():
user = User(first="Jane", last="Doe")
assert user.full_name() == "Jane Doe"
# GREEN
class User:
def __init__(self, first, last):
self.first = first
self.last = last
def full_name(self):
return f"{self.first} {self.last}"
# REFACTOR: tests pass, clean up if needed
See: references/tdd-deep-dive.md for advanced TDD techniques.
What to Test / What NOT to Test
DO test (behavior):
- Public API contracts
- Edge cases and boundaries
- Error conditions
- State transitions
- Business logic
DON'T test (implementation):
- Private methods (test through public API)
- Language features
- Third-party libraries (only verify integration)
- Trivial getters/setters
- Generated code, migrations, static config
Test Types
Unit Tests
- Run in milliseconds, no I/O, no external dependencies
- Deterministic, parallelizable
- Test single units of behavior
Integration Tests
- Seconds to run, may involve I/O
- Test real component boundaries
- Run sequentially if stateful
E2E Tests
- Slowest (seconds to minutes)
- Test complete user flows from user perspective
- Run against staging/test environment
Characterization Tests
- Capture existing behavior of legacy code before refactoring
- Document current behavior (even if wrong), then refactor against it
See: references/test-patterns-by-language.md for language-specific frameworks and idioms.
Test Structure: Arrange-Act-Assert
def test_shopping_cart_total():
# Arrange
cart = ShoppingCart()
cart.add_item(Item("Book", 10.00))
# Act
total = cart.calculate_total()
# Assert
assert total == 10.00
Prefer one assertion per test. Exception: related assertions on the same object.
Coverage Requirements
| Metric | Threshold | |--------|-----------| | Line coverage | 80% minimum (CI-enforced) | | Branch coverage | More important than line coverage | | Critical paths | 100% |
Coverage Commands
| Language | Command |
|----------|---------|
| Python | pytest --cov=myapp --cov-report=html --cov-fail-under=80 |
| JavaScript | jest --coverage --coverageThreshold='{"global":{"lines":80}}' |
| Go | go test -cover -coverprofile=coverage.out && go tool cover -html=coverage.out |
| Rust | cargo tarpaulin --out Html --output-dir coverage |
See: references/coverage-strategies.md for branch coverage, mutation testing, and coverage-driven development.
Mocking Strategy
When to Mock
| Mock | Don't Mock | |------|-----------| | Network calls (APIs, databases) | Internal implementation details | | Filesystem access | Value objects and data structures | | Time/randomness dependencies | The code under test | | Slow or unreliable dependencies | Simple collaborators (prefer real objects) | | Paid third-party APIs | |
Mock Types
- Stub - Returns predefined values. Use for simple dependency replacement.
- Spy - Records calls for verification. Use when you need to assert interactions.
- Fake - Simplified working implementation (e.g., in-memory repository). Use for complex dependencies.
Cross-Language Mocking
| Language | Tool | Verify Call |
|----------|------|-------------|
| Python | unittest.mock.Mock() | assert_called_once() |
| JavaScript | jest.fn() | expect().toHaveBeenCalled() |
| Go | Interfaces + mock structs | Track call state manually |
| Rust | Traits + mock impls | RefCell for interior mutability |
See: references/mocking-strategies.md for comprehensive patterns and anti-patterns.
Anti-Patterns
| Anti-Pattern | Problem | Fix | |-------------|---------|-----| | Testing implementation | Brittle tests that break on refactor | Test WHAT (outputs/behavior), not HOW (internal calls) | | Flaky tests | Non-deterministic failures | Inject time deps, isolate state, use wait conditions for async | | Over-mocking | Tests verify mocks, not behavior | Only mock external boundaries, use real objects internally |
Test Organization
- Structure: Separate
unit/,integration/,e2e/directories - Naming conventions:
test_*.py,*.test.js,*_test.go,tests.rs - Function names: Descriptive --
test_user_login_with_invalid_password_returns_error()nottest_case_1()
Quick Reference
| Task | Python | JavaScript | Go | Rust |
|------|--------|------------|----|------|
| Run tests | pytest -x | npm test -- --watch | go test ./... | cargo test |
| Coverage | pytest --cov=. --cov-fail-under=80 | jest --coverage | go test -cover | cargo tarpaulin |
Remember
- RED -> GREEN -> REFACTOR is mandatory
- Test behavior, not implementation
- 80% coverage minimum, critical paths 100%
- Mock external boundaries only
- Fast, isolated, deterministic tests
- One clear assertion per test (when practical)
- Arrange-Act-Assert for clarity
- Descriptive test names document behavior
- Fix flaky tests immediately (never ignore)
- Tests are first-class code (refactor them too)
Additional Resources
references/tdd-deep-dive.md- Advanced TDD techniques and when to break rulesreferences/mocking-strategies.md- Comprehensive mocking patterns and anti-patternsreferences/test-patterns-by-language.md- Language-specific testing patternsreferences/coverage-strategies.md- Advanced coverage techniques and mutation testing
Related Skills
aj-geddes/orchestrator
tools
VerifiedTrustedCommunity
Coordinates the 10X Unicorn agent team with cost-aware model tiering, MCP-aware routing, and workflow fan-out. ALWAYS trigger on "implement", "build", "create", "design system", "deploy", "learn new language", "refactor", "fix bug", "set up CI", "code review", "how long will this take", "estimate", "architecture", "add feature", "write code", "debug", "review PR", "set up pipeline", "migrate", "optimize". Use for any multi-step task, implementation request, architecture decision, or quality enforcement. Different from individual agent skills which handle execution -- this skill handles coordination, routing, model selection, and quality gates.
8SKILL.mdUpdated Apr 25, 2026
aj-geddes/technical-debt
development
VerifiedTrustedCommunity
Guides deliberate management of technical debt: recognition, tracking, prioritization, and paydown. ALWAYS trigger on "technical debt", "code shortcut", "pay down debt", "debt tracking", "just for now", "temporary hack", "hardcoded value", "copy-paste code", "missing tests", "TODO cleanup", "refactor plan", "debt priority", "interest cost", "boy scout rule", "code quality backlog". Use when taking a shortcut, discovering suboptimal code, planning debt paydown, or quantifying ongoing cost of compromises.
7SKILL.mdUpdated Apr 25, 2026
aj-geddes/self-verification
development
VerifiedTrustedCommunity
Guides the user through systematic pre-commit quality verification. ALWAYS trigger on "review my code", "check my work", "before commit", "self-review", "quality check", "am I ready to commit", "pre-commit review", "code quality", "verify my changes", "sanity check", "review before merge", "is this ready". Use before any commit, merge, or code review submission.
7SKILL.mdUpdated Apr 25, 2026
aj-geddes/security
development
VerifiedTrustedCommunity
Guides secure development using defense-in-depth and attacker's mindset. ALWAYS trigger on "security review", "vulnerability", "authentication", "authorization", "input validation", "XSS", "SQL injection", "CSRF", "secrets management", "OWASP", "threat model", "security scan", "path traversal", "mass assignment", "privilege escalation", "security headers", "bandit", "dependency audit", "hardening". Use when implementing auth, handling user input, storing secrets, reviewing code for vulnerabilities, or preparing for production deployment. Different from devops skill which covers infrastructure; this covers application-level security patterns.
7SKILL.mdUpdated Apr 25, 2026