macieklamberski/testing
skills/testing/SKILL.md
Guide for writing comprehensive, well-structured tests with full coverage. Use when creating test files, adding tests to existing files, reviewing test coverage, or when asked to write, fix, or expand tests. Covers test organization (flat vs nested), coverage categories (happy/sad/edge), .todo patterns for planned tests, and formatting conventions.
$ install --global
skillsauthnpx skillsauth add macieklamberski/kvalita testingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 13, 2026, 7:45 AM53.8s3 files scanned
SKILL.md
- name:
- testing
- description:
- Guide for writing comprehensive, well-structured tests with full coverage. Use when creating test files, adding tests to existing files, reviewing test coverage, or when asked to write, fix, or expand tests. Covers test organization (flat vs nested), coverage categories (happy/sad/edge), .todo patterns for planned tests, and formatting conventions.
Test Writing Guide
Detect the test library from project (bun:test, vitest, jest, etc.) and use its idioms. Never assume a specific framework.
For general code formatting rules (arrow functions, naming, exports, etc.), see the formatting skill.
File Conventions
- Test files use
*.test.tsnaming (not*.spec.ts) - Co-locate tests next to their source file (not in
__tests__/directories) - Example:
helpers/urls.ts→helpers/urls.test.ts
Structure: Flat vs Nested
Flat — for pure/simple functions (parsers, validators, formatters):
describe('functionName', () => {
it('should return X with valid input', () => {})
it('should return undefined for empty string', () => {})
})
Nested 3-category — for complex functions (DB operations, API handlers, side effects):
describe('functionName', () => {
describe('happy paths', () => {
it('should create record with all fields', () => {})
it('should create record with minimal fields', () => {})
})
describe('sad paths', () => {
it('should throw NotFoundError when record missing', () => {})
})
describe('edge cases', () => {
it('should handle duplicate operation idempotently', () => {})
})
})
When to use which:
- Side effects, external deps, DB, API calls → nested
- Pure transformation, parser, validator → flat
- Flat file growing beyond ~15 tests → consider switching to nested
Coverage Categories
Happy paths — normal successful operations:
- Success with full/complete input
- Success with minimal/partial input
- Expected return values and side effects
Sad paths — expected failures:
- Thrown exceptions (NotFoundError, ValidationError, etc.)
- Validation failures on invalid input
- Unauthorized/wrong-user access
- Missing required data or dependencies
Edge cases — boundary conditions:
- Idempotency (repeating the same operation)
- Pagination and cursor handling
- Null, empty, or zero values
- Concurrent or conflicting operations
- Already-existing data (upsert behavior)
- Computed/derived fields and timestamps
Coverage Checklist
For every function, consider:
- What does success look like with full input?
- What does success look like with minimal input?
- What errors can this function throw?
- What happens with unauthorized/wrong-user access?
- What are the boundary conditions?
- What if the operation is repeated (idempotent)?
- What if related data is missing or empty?
Implement the most critical tests first (happy paths). Use .todo for the rest.
Principles
- Test behavior, not implementation — test through public API. If behavior doesn't change, tests shouldn't break. If private logic is complex, extract it into its own module and test that.
- Mock at boundaries only — mock external services (HTTP, email, payment), never your own DB or internal modules. Prefer stubs/spies over mocks (verify state, not calls).
- Each test is self-contained — never rely on test execution order. No shared mutable state. Reset mocks in beforeEach.
- Hard-code expected values — never compute them with string concat, loops, or conditionals in test code.
- Type expected values explicitly — use
const expected: Array<MyType> = [...]instead ofas const. Explicit type annotations keep arrays mutable (avoiding readonly conflicts with matchers) while still narrowing literal/discriminated union types. - Use realistic data — not
"foo"/"bar". Include only data relevant to the specific test. - One behavior per test — no piggyback assertions testing unrelated things.
- Convert production bugs to regression tests — every bug gets a test before fixing.
For detailed guidance on mocking, isolation, data patterns, and common anti-patterns, see references/best-practices.md.
The .todo Pattern
Use it.todo for planned but unimplemented tests. Every .todo MUST include a comment inside the callback body explaining the scenario:
// Simple scenario — single sentence.
it.todo('should preserve existing title when feed title is null', () => {
// Feed has null title — channel should keep its existing title.
})
// Complex scenario — multi-line with setup and expected behavior.
it.todo('should timeout when headers delayed beyond maxTimeout', () => {
// Server delays sending headers for 16+ seconds (> maxTimeout: 15s).
// Expected: ETIMEDOUT error after ~15 seconds, retry triggered,
// after 3 retries throw UnreachableUrlError.
})
Use describe.todo for entire groups of planned tests:
describe.todo('error handling', () => {
it.todo('should throw on invalid URL', () => {
// Pass malformed URL like 'not-a-url' or 'ht!tp://bad'.
// Expected: URL parse error before safety check runs.
})
})
Guidelines:
- Never leave a
.todowithout a comment - Comments go inside the callback, not above
it.todo - Implement happy paths first,
.todosad paths and edge cases when not immediately critical
Formatting Reference
For detailed rules on variable naming, spacing, assertions, object formatting, and test ordering, see references/formatting.md.
Related Skills
macieklamberski/formatting
development
VerifiedTrustedCommunity
Code formatting and style rules not handled by auto-formatters (Biome/Prettier). Use when writing or modifying code files. Covers function declarations, exports, types, comments, JSX, and naming conventions.
2SKILL.mdUpdated Apr 26, 2026
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026
openclaw/openclaw-release-maintainer
development
VerifiedTrustedCommunity
Maintainer workflow for OpenClaw releases, prereleases, changelog release notes, and publish validation. Use when Codex needs to prepare or verify stable or beta release steps, align version naming, assemble release notes, check release auth requirements, or validate publish-time commands and artifacts.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/openclaw-qa-testing
development
VerifiedTrustedCommunity
Run, watch, debug, and extend OpenClaw QA testing with qa-lab and qa-channel. Use when Codex needs to execute the repo-backed QA suite, inspect live QA artifacts, debug failing scenarios, add new QA scenarios, or explain the OpenClaw QA workflow. Prefer the live OpenAI lane with regular openai/gpt-5.4 in fast mode; do not use gpt-5.4-pro or gpt-5.4-mini unless the user explicitly overrides that policy.
357,764SKILL.mdUpdated Apr 10, 2026