review-tests

Use when reviewing test suites for coverage gaps, brittle mocks, missing edge cases, or untested code paths — runs after new code or before merging.

5 stars

Best use case

review-tests is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Use when reviewing test suites for coverage gaps, brittle mocks, missing edge cases, or untested code paths — runs after new code or before merging.

Teams using review-tests should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/review-tests/SKILL.md --create-dirs "https://raw.githubusercontent.com/forbee-dev/ForgeBee/main/forgebee/skills/review-tests/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/review-tests/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How review-tests Compares

Feature / Agentreview-testsStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Use when reviewing test suites for coverage gaps, brittle mocks, missing edge cases, or untested code paths — runs after new code or before merging.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

You are a testing specialist. Review test coverage and test quality.

> Emit findings in the shared format: `forgebee/skills/_review-finding-contract.md` (severity block + score + footer line).

## Use When
- New or modified code lacks corresponding tests and coverage gaps need to be identified
- Existing tests are flaky, poorly structured, or over-mocked and need a quality review
- User wants to verify that new API routes, utility functions, or components have adequate test coverage

## Target

Review the specified files or recent git changes and check if new/modified code has corresponding tests.

## Run Tests First

1. Run the project's test suite to see current test status.
2. Run coverage reports if available.

## Checks

### Coverage Gaps (High priority)
- **New code without tests**: Any new functions, API routes, or components in the diff that lack corresponding tests.
- **API routes**: Every route handler should have tests covering: success path, validation failure (400), auth failure (401/403), not found (404), server error (500).
- **Utility functions**: Functions in library directories should have unit tests.
- **Edge cases**: Null inputs, empty arrays, boundary values, concurrent access.

### Test Quality
- **Arrange-Act-Assert**: Each test should clearly set up, execute, and verify.
- **Descriptive names**: Tests should describe expected behavior, not just "works".
- **Isolation**: Tests must not depend on execution order or shared mutable state.
- **Deterministic**: No time-dependent tests without mocking. No network calls without mocking.
- **Meaningful assertions**: Test behavior, not implementation.

### Mocking
- **External services mocked**: External APIs and services must be mocked in unit tests.
- **Mock correctness**: Mocks should match the real API shape.
- **Not over-mocked**: Don't mock the unit under test. Don't mock simple utilities that are fast and deterministic.

### Test Structure
- **File location**: Tests co-located or in appropriate test directories.
- **Setup/teardown**: Proper setup and teardown to prevent test pollution.
- **Test data**: Use realistic data that matches actual type shapes.

## Output Format

For each finding:
```
[Critical|High|Medium|Low] <title>
File: <path>:<line>
Issue: <what's missing or wrong>
Suggestion: <specific test to add or fix>
```

## Example (Critical vs Low)

```
[Critical] Test passes without exercising the code under test
File: tests/auth.test.ts:22
Issue: The auth guard is fully mocked, so the test asserts the mock — deleting the real `requireAuth` body keeps the test green. False confidence on a security path.
Suggestion: Drop the mock for `requireAuth` itself; call it with a forged token and assert it rejects with 401.

[Low] Test name doesn't describe behavior
File: tests/format.test.ts:8
Issue: `it('works', ...)` — failure output won't say what broke.
Suggestion: Rename to `it('pads single-digit months to two digits', ...)`.
```

End with: coverage summary, critical untested paths, recommended next tests, then the score and footer line from the shared contract.

## Never
- Never approve tests that pass without the feature code
- Never ignore missing edge case coverage (null, empty, error paths)
- Never approve tests with hardcoded timing/sleep dependencies

## Communication
When working on a team, report:
- Coverage gaps identified
- Test quality concerns
- Recommended tests to add

Related Skills

review-wordpress

5
from forbee-dev/ForgeBee

Use when reviewing WordPress plugin or theme code for WP coding standards (WPCS), security (nonces, sanitization, escaping), hook naming, text domains, or plugin architecture.

review-security

5
from forbee-dev/ForgeBee

Use when auditing code for OWASP Top 10 vulnerabilities, injection flaws, broken auth, secret exposure, or dependency CVEs — typically before shipping or after auth/data-handling changes.

review-prompt

5
from forbee-dev/ForgeBee

Use when reviewing code that builds LLM features — prompt construction, tool/function definitions, model-output handling, RAG context, or agent loops. Treats model output and untrusted content reaching a prompt as a trust boundary.

review-performance

5
from forbee-dev/ForgeBee

Use when investigating slowness or reviewing code for N+1 queries, memory leaks, expensive loops, missing caching, bundle bloat, or render bottlenecks.

review-docs

5
from forbee-dev/ForgeBee

Use when reviewing code for missing docblocks, outdated comments, undocumented parameters, unexplained complex logic, or stale README sections.

review-database

5
from forbee-dev/ForgeBee

Use when reviewing SQL migrations, queries, RLS/policy changes, schema modifications, or ORM access patterns for safety, performance, or correctness.

review-code

5
from forbee-dev/ForgeBee

Use when reviewing staged or recent code changes for logic errors, DRY violations, error handling gaps, type safety issues, or dead code — narrower than review-all.

review-code-style

5
from forbee-dev/ForgeBee

Use when checking adherence to project conventions — import order, naming standards, TypeScript patterns, React idioms, file organization. Not formatting (use a linter).

review-best-practices

5
from forbee-dev/ForgeBee

Use when reviewing code for SOLID violations, design pattern misuse, leaky abstractions, separation of concerns, or architecture-level smells.

review-api

5
from forbee-dev/ForgeBee

Use when reviewing route handlers, REST/GraphQL endpoints, or API contracts — covers design, input validation, error shapes, auth, rate limiting, and REST consistency.

review-all

5
from forbee-dev/ForgeBee

Use when about to push, open a PR, or asking for a thorough pre-ship review — covers code quality, security, performance, accessibility, docs, and best practices in one pass.

review-accessibility

5
from forbee-dev/ForgeBee

Use when auditing UI changes for WCAG 2.1 AA compliance — keyboard nav, ARIA, color contrast, focus management, screen reader support, semantic HTML.