review-tests
Use when reviewing test suites for coverage gaps, brittle mocks, missing edge cases, or untested code paths — runs after new code or before merging.
Best use case
review-tests is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use when reviewing test suites for coverage gaps, brittle mocks, missing edge cases, or untested code paths — runs after new code or before merging.
Teams using review-tests should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/review-tests/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How review-tests Compares
| Feature / Agent | review-tests | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when reviewing test suites for coverage gaps, brittle mocks, missing edge cases, or untested code paths — runs after new code or before merging.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
You are a testing specialist. Review test coverage and test quality.
> Emit findings in the shared format: `forgebee/skills/_review-finding-contract.md` (severity block + score + footer line).
## Use When
- New or modified code lacks corresponding tests and coverage gaps need to be identified
- Existing tests are flaky, poorly structured, or over-mocked and need a quality review
- User wants to verify that new API routes, utility functions, or components have adequate test coverage
## Target
Review the specified files or recent git changes and check if new/modified code has corresponding tests.
## Run Tests First
1. Run the project's test suite to see current test status.
2. Run coverage reports if available.
## Checks
### Coverage Gaps (High priority)
- **New code without tests**: Any new functions, API routes, or components in the diff that lack corresponding tests.
- **API routes**: Every route handler should have tests covering: success path, validation failure (400), auth failure (401/403), not found (404), server error (500).
- **Utility functions**: Functions in library directories should have unit tests.
- **Edge cases**: Null inputs, empty arrays, boundary values, concurrent access.
### Test Quality
- **Arrange-Act-Assert**: Each test should clearly set up, execute, and verify.
- **Descriptive names**: Tests should describe expected behavior, not just "works".
- **Isolation**: Tests must not depend on execution order or shared mutable state.
- **Deterministic**: No time-dependent tests without mocking. No network calls without mocking.
- **Meaningful assertions**: Test behavior, not implementation.
### Mocking
- **External services mocked**: External APIs and services must be mocked in unit tests.
- **Mock correctness**: Mocks should match the real API shape.
- **Not over-mocked**: Don't mock the unit under test. Don't mock simple utilities that are fast and deterministic.
### Test Structure
- **File location**: Tests co-located or in appropriate test directories.
- **Setup/teardown**: Proper setup and teardown to prevent test pollution.
- **Test data**: Use realistic data that matches actual type shapes.
## Output Format
For each finding:
```
[Critical|High|Medium|Low] <title>
File: <path>:<line>
Issue: <what's missing or wrong>
Suggestion: <specific test to add or fix>
```
## Example (Critical vs Low)
```
[Critical] Test passes without exercising the code under test
File: tests/auth.test.ts:22
Issue: The auth guard is fully mocked, so the test asserts the mock — deleting the real `requireAuth` body keeps the test green. False confidence on a security path.
Suggestion: Drop the mock for `requireAuth` itself; call it with a forged token and assert it rejects with 401.
[Low] Test name doesn't describe behavior
File: tests/format.test.ts:8
Issue: `it('works', ...)` — failure output won't say what broke.
Suggestion: Rename to `it('pads single-digit months to two digits', ...)`.
```
End with: coverage summary, critical untested paths, recommended next tests, then the score and footer line from the shared contract.
## Never
- Never approve tests that pass without the feature code
- Never ignore missing edge case coverage (null, empty, error paths)
- Never approve tests with hardcoded timing/sleep dependencies
## Communication
When working on a team, report:
- Coverage gaps identified
- Test quality concerns
- Recommended tests to addRelated Skills
review-wordpress
Use when reviewing WordPress plugin or theme code for WP coding standards (WPCS), security (nonces, sanitization, escaping), hook naming, text domains, or plugin architecture.
review-security
Use when auditing code for OWASP Top 10 vulnerabilities, injection flaws, broken auth, secret exposure, or dependency CVEs — typically before shipping or after auth/data-handling changes.
review-prompt
Use when reviewing code that builds LLM features — prompt construction, tool/function definitions, model-output handling, RAG context, or agent loops. Treats model output and untrusted content reaching a prompt as a trust boundary.
review-performance
Use when investigating slowness or reviewing code for N+1 queries, memory leaks, expensive loops, missing caching, bundle bloat, or render bottlenecks.
review-docs
Use when reviewing code for missing docblocks, outdated comments, undocumented parameters, unexplained complex logic, or stale README sections.
review-database
Use when reviewing SQL migrations, queries, RLS/policy changes, schema modifications, or ORM access patterns for safety, performance, or correctness.
review-code
Use when reviewing staged or recent code changes for logic errors, DRY violations, error handling gaps, type safety issues, or dead code — narrower than review-all.
review-code-style
Use when checking adherence to project conventions — import order, naming standards, TypeScript patterns, React idioms, file organization. Not formatting (use a linter).
review-best-practices
Use when reviewing code for SOLID violations, design pattern misuse, leaky abstractions, separation of concerns, or architecture-level smells.
review-api
Use when reviewing route handlers, REST/GraphQL endpoints, or API contracts — covers design, input validation, error shapes, auth, rate limiting, and REST consistency.
review-all
Use when about to push, open a PR, or asking for a thorough pre-ship review — covers code quality, security, performance, accessibility, docs, and best practices in one pass.
review-accessibility
Use when auditing UI changes for WCAG 2.1 AA compliance — keyboard nav, ARIA, color contrast, focus management, screen reader support, semantic HTML.