一键导入
activity-random-test-tactics
Generate randomized, fuzz, and property-inspired tests with reproducible seeds. Use for randomized compliance testing.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Generate randomized, fuzz, and property-inspired tests with reproducible seeds. Use for randomized compliance testing.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Read and write architectural decisions to the shared memo-cli knowledge base. Use when recording or restoring cross-session context.
Break a technical specification into user stories with coverage validation. Use after generate-spec.
Establish product-context.md and technical-guidelines.md foundation docs. Use in product-engineer Init Mode.
Publish user stories as GitHub Issues following github-ops conventions. Use after generate-stories.
Clarify scope: produce a lightweight issue refinement or a full PRD. Use in product-engineer Feature or Issue Mode.
Execute a task list step-by-step with strict sequencing, branch/PR discipline, GitHub Issue sync, and user approval gates. Single source of truth for implementation. Use when implementing from a tasks-*.md file.
| name | activity-random-test-tactics |
| description | Generate randomized, fuzz, and property-inspired tests with reproducible seeds. Use for randomized compliance testing. |
Generate randomized, fuzz, and property-inspired test strategies with reproducibility controls. Produces test tactics that detect behavior drift and hidden defects through non-deterministic inputs while maintaining deterministic replay. Invoked by the black-box-tester agent in Design Mode.
RFC 2119 Notice: The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this document are to be interpreted as described in RFC 2119.
Design randomized and property-based testing tactics that complement structured E2E and edge-case tests. Every tactic MUST include seed capture and deterministic replay instructions so that failures can be reproduced and triaged.
This activity assumes:
black-box-tester).black-box-tester.Generate malformed, unexpected, or random inputs to discover crashes, unhandled exceptions, or security vulnerabilities.
When to apply: Any endpoint or function that accepts user input — forms, API bodies, file uploads, query parameters.
Approach:
Define invariants (properties) that must hold for all valid inputs, then generate many random valid inputs to verify.
When to apply: Business rules that express universal constraints (e.g., "total is always ≥ 0", "output list is always sorted", "idempotent endpoint returns same result on retry").
Approach:
Execute random sequences of valid API calls to discover state-dependent bugs.
When to apply: Systems with stateful resources (CRUD workflows, multi-step processes, session-based interactions).
Approach:
Every randomized tactic MUST satisfy these controls:
| Requirement | Description |
|---|---|
| Seed capture | Record the PRNG seed used for each run. |
| Seed replay | Provide a command or instruction to re-run the exact same sequence using the captured seed. |
| Iteration count | Document the number of iterations per tactic. |
| Deterministic oracle | The pass/fail oracle MUST be deterministic for a given input — no "sometimes fails" verdicts. |
| Environment snapshot | Record runtime environment details (OS, runtime version, relevant config) alongside results. |
Seed format: <tactic-type>-<AC-id>-<unix-timestamp>-<random-4-hex>
Example: fuzz-AC3-1719849600-a3f1
Replay command template:
<test-runner> --seed=<captured-seed> --tactic=<tactic-id> --iterations=1
Seeds MUST be included in the test plan and in any failure reports.
### RT-{id}: {Tactic Title}
| Field | Value |
| ---------------------- | ---------------------------------------------------------------------- |
| **AC(s)** | AC-{n} |
| **Tactic type** | fuzz / property-based / stateful-random-walk |
| **Input surface** | {What is being fuzzed or randomized} |
| **Property / Oracle** | {Invariant that must hold, or failure condition} |
| **Iterations** | {Number of random iterations} |
| **Seed** | {To be captured at execution time} |
| **Replay instruction** | {Command to reproduce with captured seed} |
| **Shrink strategy** | {How to minimize failing input — binary search, delta debugging, etc.} |
Given AC-2: "API returns paginated results with at most 50 items per page."
| Field | Value |
|---|---|
| AC(s) | AC-2 |
| Tactic type | fuzz |
| Input surface | Query parameters page and pageSize on GET /api/items |
| Property / Oracle | Response always returns ≤50 items. Status is never 5xx. Response time <2s. |
| Iterations | 500 |
| Seed | fuzz-AC2-{timestamp}-{hex} |
| Replay instruction | test-runner --seed=<seed> --tactic=RT-1 --iterations=1 |
| Shrink strategy | Binary search on pageSize value to find minimum trigger. |
Mutation corpus for page/pageSize:
page=1..1000, pageSize=1..50page=-1, page=0, page=999999, pageSize=0, pageSize=51, pageSize=-1, pageSize=NaN, pageSize="", pageSize=1.5, omit parameter entirely| Field | Value |
|---|---|
| AC(s) | AC-2 |
| Tactic type | property-based |
| Input surface | Random valid pageSize values (1–50) with random page values |
| Property / Oracle | len(response.items) <= pageSize for all inputs. |
| Iterations | 200 |
| Seed | prop-AC2-{timestamp}-{hex} |
| Replay instruction | test-runner --seed=<seed> --tactic=RT-2 --iterations=1 |
| Shrink strategy | Reduce pageSize to find smallest value where property fails. |
When a randomized test fails, the black-box-tester agent follows this workflow:
product-engineer.developer.inconclusive.Use this checklist to verify completeness before returning results:
This skill returns a list of randomized tactics in the template format above. The calling agent (black-box-tester) assembles them into the randomized-tactics section of the test plan.