tessl-labs/go-api-testing
Go API testing patterns -- httptest setup, table-driven tests with subtests, test helpers, middleware testing, dependency injection with interfaces, database isolation, parallel tests, testify assertions, golden files
98
1.06x
Quality
98%
Does it follow best practices?
Impact
99%
1.06xAverage score across 5 eval scenarios
Securityby
Passed
No known issues
test-go-user-api.jsonverifiers/
{
"instruction": "Write tests for a Go user management API with endpoints: POST /api/users (create), GET /api/users (list), GET /api/users/{id} (detail), PUT /api/users/{id} (update), DELETE /api/users/{id} (delete). The app uses net/http and SQLite.",
"relevant_when": "Agent writes tests for a Go CRUD API",
"context": "Proactively verify that agents follow Go API testing best practices when testing a user service: httptest setup, table-driven tests, test helpers, error response testing, and response body validation.",
"sources": [
{
"type": "file",
"filename": "skills/go-api-testing/SKILL.md",
"tile": "tessl-labs/go-api-testing"
}
],
"checklist": [
{
"name": "httptest-recorder-or-server",
"rule": "Tests use httptest.NewRecorder with handler.ServeHTTP or httptest.NewServer, not real HTTP calls to localhost",
"relevant_when": "Agent sets up test infrastructure for a Go API"
},
{
"name": "test-helper-with-t-helper",
"rule": "At least one test helper function (e.g., makeRequest, createTestUser) exists in a _test.go file and calls t.Helper() as its first line",
"relevant_when": "Agent creates reusable test functions"
},
{
"name": "table-driven-with-subtests",
"rule": "At least one test uses table-driven pattern (slice of structs with test cases) and t.Run for named subtests",
"relevant_when": "Agent writes tests for multiple scenarios"
},
{
"name": "database-isolation",
"rule": "Tests include a mechanism for database isolation -- either :memory: SQLite, a setup function that creates a fresh DB, or t.Cleanup for teardown. Tests must not depend on execution order.",
"relevant_when": "Agent writes tests that interact with a database"
},
{
"name": "error-responses-tested",
"rule": "Tests include at least one test for 404 (nonexistent resource) and at least one test for 400 (validation error). Tests must not only cover happy paths.",
"relevant_when": "Agent writes API endpoint tests"
},
{
"name": "response-body-shape-asserted",
"rule": "Tests assert the structure of the response JSON body (checking for expected keys like id, name, email in user objects), not just status codes",
"relevant_when": "Agent writes assertions for API responses"
},
{
"name": "sensitive-fields-not-exposed",
"rule": "At least one test verifies that sensitive fields (password, password_hash) are NOT present in API responses",
"relevant_when": "Agent writes tests for a user API that handles passwords"
},
{
"name": "create-then-fetch-persistence",
"rule": "At least one test creates a resource via POST then fetches it via GET to verify persistence, not just the creation response",
"relevant_when": "Agent writes CRUD tests"
}
]
}