一键导入
testing
Testing conventions for the project — pytest, fixtures, integration vs unit.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Testing conventions for the project — pytest, fixtures, integration vs unit.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Pull request review checklist for the team.
Python code style, typing, and project conventions.
Project-wide security rules for handling untrusted input, secrets, and database access.
Database safety rules for the data-access layer.
| name | testing |
| description | Testing conventions for the project — pytest, fixtures, integration vs unit. |
Tests describe the behavior, not the function. test_user_can_log_in_with_valid_credentials, not test_login_function.
Prefer integration tests over mocks when the integration is cheap. Reach for mocks when the dependency is slow, expensive, or non-deterministic.
Use pytest fixtures for shared setup. Keep fixtures small and composable. Avoid fixture chains deeper than two levels.
Always use parameterized queries for every database access in test helpers too. Never concatenate user-provided strings into SQL statements directly. This includes dynamic WHERE clauses, ORDER BY clauses, and table names.
Tests run on every PR. The deploy pipeline runs them again with production-like config. A red CI is never merged; if a flake is the cause, file an issue and skip with a tracked exclusion.
Treat any data that crossed a network or process boundary as untrusted until proven otherwise. Apply the same scrutiny to data from other internal services as you would to data from the public internet. The threat model assumes lateral movement; act accordingly across every service-to-service hop in the system.