tessl-labs/pytest-api-testing
Pytest patterns for Python APIs -- httpx AsyncClient, conftest fixtures, database isolation, parametrize edge cases, error response testing, auth flows, factory fixtures
99
1.23x
Quality
99%
Does it follow best practices?
Impact
100%
1.23xAverage score across 5 eval scenarios
Securityby
Passed
No known issues
test-fastapi-user-service.jsonverifiers/
{
"instruction": "Write pytest tests for a FastAPI user CRUD service with endpoints: POST /api/users (create), GET /api/users (list), GET /api/users/{id} (detail), PUT /api/users/{id} (update), DELETE /api/users/{id} (delete). The app uses SQLite and Pydantic models.",
"relevant_when": "Agent writes tests for a FastAPI CRUD API",
"context": "Proactively verify that agents follow pytest API testing best practices when testing a user service: proper test client setup, fixture organization, error response testing, and response schema validation.",
"sources": [
{
"type": "file",
"filename": "skills/pytest-api-testing/SKILL.md",
"tile": "tessl-labs/pytest-api-testing"
}
],
"checklist": [
{
"name": "httpx-async-client",
"rule": "Tests use httpx.AsyncClient with ASGITransport to test the FastAPI app, not requests or TestClient from starlette",
"relevant_when": "Agent sets up a test client for FastAPI"
},
{
"name": "conftest-fixtures",
"rule": "Test fixtures (client, db setup) are defined in tests/conftest.py, not imported from other modules or defined inline in test files",
"relevant_when": "Agent creates pytest fixtures for API testing"
},
{
"name": "database-isolation",
"rule": "Tests include a mechanism for database isolation -- either an autouse fixture that resets/truncates tables before each test, or a transaction-rollback pattern. Tests must not depend on execution order.",
"relevant_when": "Agent writes tests that interact with a database"
},
{
"name": "asyncio-mode-configured",
"rule": "pytest-asyncio is configured with asyncio_mode = 'auto' in pyproject.toml or pytest.ini so async test functions run without explicit markers",
"relevant_when": "Agent writes async pytest tests"
},
{
"name": "tests-error-responses",
"rule": "Tests include at least one test for 404 (nonexistent resource) and at least one test for 422 or 400 (validation error). Tests must not only cover happy paths.",
"relevant_when": "Agent writes API endpoint tests"
},
{
"name": "asserts-response-body-shape",
"rule": "Tests assert the structure/shape of the response JSON body (e.g., checking for expected keys like 'id', 'email', 'name' in user objects), not just status codes",
"relevant_when": "Agent writes assertions for API responses"
},
{
"name": "sensitive-fields-not-exposed",
"rule": "At least one test verifies that sensitive fields (password, password_hash, hashed_password) are NOT present in API responses",
"relevant_when": "Agent writes tests for a user API that handles passwords"
},
{
"name": "factory-or-helper-for-test-data",
"rule": "Tests use a fixture, factory function, or helper to create test users rather than duplicating user creation JSON payloads across multiple test functions",
"relevant_when": "Agent writes multiple tests that need user test data"
}
]
}