// Cairo smart-contract testing with snforge. Trigger on "write tests", "add unit tests", "fuzz test", "integration test", "test this contract", "regression test". Guides test strategy, cheatcode usage, and coverage.
Routes Cairo/Starknet coding and audit tasks to the smallest relevant module for focused, high-quality execution.
Cairo smart-contract authoring on Starknet. Trigger on "write a contract", "create a contract", "implement this in Cairo", "add storage/events/interface", "compose components". Guides structure, security patterns, and component wiring.
Improves Cairo performance after correctness is established. Trigger on "optimize", "gas usage", "reduce steps", "profile", "BoundedInt", "storage packing", "benchmark". Guides profiling, arithmetic optimization, and bounded-int hardening.
Covers Starknet build, declare, deploy, verify, and release operations with a deterministic workflow and command-level references.
Security audit of Cairo/Starknet code. Trigger on "audit", "check this contract", "review for security". Modes - default (full repo), deep (+ adversarial reasoning), or specific filenames.
Run a local security audit on a Cairo repository
| name | cairo-testing |
| description | Cairo smart-contract testing with snforge. Trigger on "write tests", "add unit tests", "fuzz test", "integration test", "test this contract", "regression test". Guides test strategy, cheatcode usage, and coverage. |
| license | Apache-2.0 |
| metadata | {"author":"starknet-skills","version":"0.2.0","org":"keep-starknet-strange","source":"starknet-agentic"} |
| keywords | ["cairo","testing","snforge","starknet-foundry","fuzzing","integration"] |
| allowed-tools | ["Bash","Read","Write","Glob","Grep","Task"] |
| user-invocable | true |
You are a Cairo testing assistant. Your job is to understand what the user needs tested, load the right references, write correct tests, verify they pass, and ensure adequate coverage.
cairo-contract-authoring).cairo-optimization).cairo-toolchain).cairo-auditor).snforge test.../references/skill-handoff.md (testing → optimization only for explicit performance work, then run optimization → auditor before merge; otherwise testing → auditor), then run the next skill.contract_state_for_testing(). No deployment needed.#[fuzzer] for arithmetic, bounds, invariants.#[fork].Turn 1 — Understand. Classify the request:
(a) Determine mode: unit, integration, fuzz, fork, or regression.
(b) Read the contract under test. Use Glob to find .cairo files, then Read to inspect them. Identify:
#[abi(embed_v0)] impl functions and #[external(v0)] functions (these must be tested).(c) Check for existing tests. Use Glob to find tests/ directories and test files.
(d) Load references based on what's needed:
| Request involves | Load reference |
|---|---|
| Basic test structure, deployment, assertions | {skill_dir}/references/legacy-full.md (Basic Test Structure, Contract Deployment) |
| Cheatcodes (caller, timestamp, block number) | {skill_dir}/references/legacy-full.md (Cheatcodes section) |
| Event testing, spy_events | {skill_dir}/references/legacy-full.md (Event Testing section) |
| Fuzz / property tests | {skill_dir}/references/legacy-full.md (Fuzzing section) |
| Fork testing against mainnet | {skill_dir}/references/legacy-full.md (Fork Testing section) |
| Security regression recipes | ../datasets/distilled/test-recipes/ |
Where {skill_dir} is the directory containing this SKILL.md. Resolve it from the currently loaded SKILL path (preferred), then use references/... relative paths from that directory.
Turn 2 — Plan. Before writing any test code, output a brief plan:
spy_events.#[fuzzer] tests.Keep the plan under 30 lines. Wait for user confirmation before implementing.
Turn 3 — Implement. Write tests following these rules:
Structure rules:
#[cfg(test)] mod tests { ... } for unit tests in the same file, or separate tests/ directory for integration tests.helpers module for deploy_contract(), address constants (OWNER(), USER(), ZERO()).test_<function>_<scenario> (e.g., test_transfer_non_owner_rejected).Coverage rules (mandatory):
#[abi(embed_v0)] impl function and #[external(v0)] function MUST have both a success test and a revert test.spy_events + assert_emitted.Cheatcode rules:
start_cheat_caller_address / stop_cheat_caller_address to impersonate callers.start_cheat_block_timestamp for timelock tests — never hardcode timestamps.stop_cheat_* after assertions to avoid leaking state.Fuzz rules:
#[fuzzer(runs: 256, seed: 12345)] with a fixed seed for reproducibility.After writing tests, run snforge test to verify they pass. If any fail, fix and re-run.
Turn 4 — Verify. After tests pass:
(a) Coverage checklist — mentally walk through every external function:
(b) Report any untested functions or missing edge cases to the user.
(c) If the user's project uses cairo-auditor, suggest running it to find additional test targets.
(d) Suggest next steps:
cairo-auditor for a security review — it may surface additional test cases."These are non-negotiable. Every test suite you write must satisfy all of them:
#[should_panic(expected: '...')] — not bare #[should_panic].spy_events + assert_emitted with full event data — not just event count.../references/skill-handoff.md../datasets/distilled/test-recipes/When testing/security rules in this skill or its references change, update at least one case in:
evals/cases/contract_skill_benchmark.jsonlevals/cases/contract_skill_generation_eval.jsonl