Name: tessl-labs/pytest-api-testing
Rating: 99.4 (1 reviews)
Author: tessl-labs

tessl-labs/pytest-api-testing

Pytest patterns for Python APIs -- httpx AsyncClient, conftest fixtures, database isolation, parametrize edge cases, error response testing, auth flows, factory fixtures

1.23x

Quality

99%

Does it follow best practices?

Impact

100%

1.23x

Average score across 5 eval scenarios

Securityby

Passed

No known issues

{
  "instruction": "Write pytest tests for FastAPI authentication endpoints: POST /api/auth/register (create account), POST /api/auth/login (get JWT token), GET /api/users/me (get current user, protected). The app uses JWT bearer tokens.",
  "relevant_when": "Agent writes tests for API authentication or protected endpoints",
  "context": "Proactively verify that agents test both authenticated and unauthenticated access, token handling, and auth error responses when testing authentication flows.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/pytest-api-testing/SKILL.md",
      "tile": "tessl-labs/pytest-api-testing"
    }
  ],
  "checklist": [
    {
      "name": "httpx-async-client",
      "rule": "Tests use httpx.AsyncClient with ASGITransport to test the FastAPI app",
      "relevant_when": "Agent sets up a test client for FastAPI"
    },
    {
      "name": "tests-unauthenticated-access",
      "rule": "At least one test verifies that accessing a protected endpoint without a token returns 401",
      "relevant_when": "Agent writes tests for protected API endpoints"
    },
    {
      "name": "tests-invalid-token",
      "rule": "At least one test verifies that accessing a protected endpoint with an invalid or expired token returns 401",
      "relevant_when": "Agent writes tests for JWT-protected endpoints"
    },
    {
      "name": "tests-valid-auth-flow",
      "rule": "Tests cover the full auth flow: register a user, login to get a token, then use the token to access a protected endpoint and verify the response",
      "relevant_when": "Agent writes tests for auth endpoints"
    },
    {
      "name": "auth-fixture-or-helper",
      "rule": "Tests use a fixture or helper function that returns auth headers (e.g., an auth_headers fixture that registers, logs in, and returns {'Authorization': 'Bearer <token>'}) rather than repeating auth setup in every test",
      "relevant_when": "Agent writes multiple tests that need authenticated requests"
    },
    {
      "name": "tests-login-failure",
      "rule": "At least one test verifies that login with wrong credentials returns 401 or 400, not 500",
      "relevant_when": "Agent writes tests for a login endpoint"
    },
    {
      "name": "database-isolation",
      "rule": "Tests include database cleanup/reset so user registration tests do not leak state into other tests",
      "relevant_when": "Agent writes tests that create users in a database"
    }
  ]
}

evals

skills

verifiers

pytest-tests-created.json

test-fastapi-auth-endpoints.json

test-fastapi-user-service.json

test-fastapi-with-database.json

test-flask-api.json

test-order-api-edge-cases.json

tile.json

tessl-labs/pytest-api-testing

test-fastapi-auth-endpoints.json.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}verifiers/

test-fastapi-auth-endpoints.jsonverifiers/