业务逻辑测试审计器：自动化检测框架库测试，提升测试代码质量

ln-631-test-business-logic-auditor by levnikolaevich/claude-code-skills

172 周安装量

253 GitHub Stars

安装命令

npx skills add https://github.com/levnikolaevich/claude-code-skills --skill ln-631-test-business-logic-auditor

🇨🇳中文介绍

路径说明： 文件路径（shared/、references/、../ln-*）是相对于技能仓库根目录的。如果在当前工作目录未找到，请定位此 SKILL.md 文件所在的目录，然后向上返回一级以找到仓库根目录。如果缺少 shared/ 目录，请通过 WebFetch 从 https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path} 获取文件。

业务逻辑聚焦审计器 (L3 Worker)

专门用于审计"业务逻辑聚焦"（类别 1）测试的工作器。

目的与范围

作为 ln-630 协调器管道中的工作器
审计 业务逻辑聚焦（类别 1：高优先级）
检测验证框架/库行为的测试（而非我们自己的代码）
计算合规性分数 (X/10)

输入（来自协调器）

必读： 加载 shared/references/audit_worker_core_contract.md。

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

1. 框架测试检测

内容： 验证框架行为（Express、Fastify、Koa）而非我们业务逻辑的测试

(express|fastify|koa).(use|get|post|put|delete|patch)
测试名称："middleware is called"、"route handler works"、"Express app listens"

严重性： 中等

建议： 如果测试仅验证框架行为，考虑移除。如果测试的是自定义代码与框架的集成 → 保留

工作量： S（删除测试文件或测试块）

2. ORM/数据库库测试

内容： 验证 Prisma/Mongoose/Sequelize/TypeORM 行为的测试

(prisma|mongoose|sequelize|typeorm).(find|findMany|create|update|delete|upsert)
测试名称："Prisma findMany returns array"、"Mongoose save works"

严重性： 中等

建议： 如果测试仅验证 ORM 行为，考虑移除。如果测试的是自定义查询逻辑或仓储模式 → 保留

3. 加密/哈希库测试

内容： 验证 bcrypt/argon2 哈希行为的测试

(bcrypt|argon2).(hash|compare|verify|hashSync)
测试名称："bcrypt hashes password"、"argon2 compares correctly"

严重性： 中等

建议： 如果测试仅验证库行为，考虑移除。如果测试的是自定义密码策略或哈希包装器 → 保留

4. JWT/令牌库测试

内容： 验证 JWT 签名/验证的测试

(jwt|jsonwebtoken).(sign|verify|decode)
测试名称："JWT signs token"、"JWT verifies signature"

严重性： 中等

建议： 如果测试仅验证 JWT 库，考虑移除。如果测试的是自定义令牌载荷、声明逻辑或认证流程 → 保留

5. HTTP 客户端库测试

内容： 验证 axios/fetch/got 行为的测试

(axios|fetch|got|request).(get|post|put|delete|patch)
测试名称："axios makes GET request"、"fetch returns data"

严重性： 中等

建议： 如果测试仅验证 HTTP 客户端行为，考虑移除。如果测试的是自定义 API 包装器、重试逻辑或错误映射 → 保留

6. React Hooks/框架测试

内容： 验证 React hooks 行为（useState、useEffect 等）的测试

(useState|useEffect|useContext|useReducer|useMemo|useCallback)
测试名称："useState updates state"、"useEffect runs on mount"

严重性： 低（如果是测试我们自己的自定义钩子逻辑，则可接受）

建议： 审查 — 如果测试框架行为 → 删除；如果测试自定义钩子 → 保留

工作量： S-M

必读： 加载 shared/references/audit_worker_core_contract.md 和 shared/references/audit_scoring.md。

必读： 加载 shared/references/audit_worker_core_contract.md 和 shared/templates/audit_worker_report_template.md。

将报告写入 {output_dir}/631-business-logic.md，其中包含 category: "Business Logic Focus" 和检查项：framework_tests、orm_tests、crypto_tests、jwt_tests、http_client_tests、react_hooks_tests。

向协调器返回摘要：

Report written: docs/project/.audit/ln-630/{YYYY-MM-DD}/631-business-logic.md
Score: X.X/10 | Issues: N (C:N H:N M:N L:N)

必读： 加载 shared/references/audit_worker_core_contract.md。

不要自动修复： 仅报告
框架特定模式： 使检测模式与项目的实际技术栈匹配
工作量现实性： S = <1小时，M = 1-4小时，L = >4小时
上下文感知： 围绕库的自定义包装器（例如，使用 useState 的自定义钩子）是我们自己的代码 — 不要标记
排除测试辅助工具： 不要标记那些导入库用于模拟设置的共享测试实用程序

必读： 加载 shared/references/audit_worker_core_contract.md。

成功解析 contextStore（包括 output_dir）
完成所有 6 项检查（框架、ORM、加密、JWT、HTTP 客户端、React hooks）
收集的发现包含严重性、位置、工作量、建议
使用惩罚算法计算分数
报告已写入 {output_dir}/631-business-logic.md（原子性单次 Write 调用）
摘要已返回给协调器

审计输出模式： shared/references/audit_output_schema.md

版本： 3.0.0 最后更新： 2025-12-23

🇺🇸English

Paths: File paths (shared/, references/, ../ln-*) are relative to skills repo root. If not found at CWD, locate this SKILL.md directory and go up one level for repo root. If shared/ is missing, fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}.

Business Logic Focus Auditor (L3 Worker)

Specialized worker auditing tests for Business Logic Focus (Category 1).

Purpose & Scope

Worker in ln-630 coordinator pipeline
Audit Business Logic Focus (Category 1: High Priority)
Detect tests validating framework/library behavior (NOT our code)
Calculate compliance score (X/10)

Inputs (from Coordinator)

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

Receives contextStore with: tech_stack, testFilesMetadata, codebase_root, output_dir.

Workflow

MANDATORY READ: Load shared/references/two_layer_detection.md for detection methodology.

Parse Context: Extract tech stack, framework detection patterns, test file list, output_dir from contextStore
Scan Codebase (Layer 1): Scan test files for framework/library tests (see Audit Rules below) 2b) Context Analysis (Layer 2 — MANDATORY): For each candidate, read test code and ask:
- Does this test custom code that wraps a framework primitive (e.g., custom hook using useState)? → KEEP (testing integration, not framework)
- Does this test ONLY call framework API with no custom logic? → flag for removal
- Is this a test helper/utility that imports libraries for mocking setup? → skip (not a test of framework behavior)
Collect Findings: Record each violation with severity, location (file:line), effort estimate (S/M/L), recommendation
Calculate Score: Count violations by severity, calculate compliance score (X/10)
Write Report: Build full markdown report in memory per shared/templates/audit_worker_report_template.md, write to {output_dir}/631-business-logic.md in single Write call
Return Summary: Return minimal summary to coordinator (see Output Format)

Audit Rules

1. Framework Tests Detection

What: Tests validating framework behavior (Express, Fastify, Koa) instead of OUR business logic

Detection Patterns:

(express|fastify|koa).(use|get|post|put|delete|patch)
Test names: "middleware is called", "route handler works", "Express app listens"

Severity: MEDIUM

Recommendation: Consider removing IF test only validates framework behavior. If testing integration of custom code with framework → KEEP

Effort: S (delete test file or test block)

2. ORM/Database Library Tests

What: Tests validating Prisma/Mongoose/Sequelize/TypeORM behavior

Detection Patterns:

(prisma|mongoose|sequelize|typeorm).(find|findMany|create|update|delete|upsert)
Test names: "Prisma findMany returns array", "Mongoose save works"

Severity: MEDIUM

Recommendation: Consider removing IF test only validates ORM behavior. If testing custom query logic or repository patterns → KEEP

Effort: S

3. Crypto/Hashing Library Tests

What: Tests validating bcrypt/argon2 hashing behavior

Detection Patterns:

(bcrypt|argon2).(hash|compare|verify|hashSync)
Test names: "bcrypt hashes password", "argon2 compares correctly"

Severity: MEDIUM

Recommendation: Consider removing IF test only validates library behavior. If testing custom password policy or hashing wrapper → KEEP

Effort: S

4. JWT/Token Library Tests

What: Tests validating JWT signing/verification

Detection Patterns:

(jwt|jsonwebtoken).(sign|verify|decode)
Test names: "JWT signs token", "JWT verifies signature"

Severity: MEDIUM

Recommendation: Consider removing IF test only validates JWT library. If testing custom token payload, claims logic, or auth flow → KEEP

Effort: S

5. HTTP Client Library Tests

What: Tests validating axios/fetch/got behavior

Detection Patterns:

(axios|fetch|got|request).(get|post|put|delete|patch)
Test names: "axios makes GET request", "fetch returns data"

Severity: MEDIUM

Recommendation: Consider removing IF test only validates HTTP client behavior. If testing custom API wrapper, retry logic, or error mapping → KEEP

Effort: S

6. React Hooks/Framework Tests

What: Tests validating React hooks behavior (useState, useEffect, etc.)

Detection Patterns:

(useState|useEffect|useContext|useReducer|useMemo|useCallback)
Test names: "useState updates state", "useEffect runs on mount"

Severity: LOW (acceptable if testing OUR custom hook logic)

Recommendation: REVIEW — if testing framework behavior → DELETE; if testing custom hook → KEEP

Effort: S-M

Scoring Algorithm

MANDATORY READ: Load shared/references/audit_worker_core_contract.md and shared/references/audit_scoring.md.

Output Format

MANDATORY READ: Load shared/references/audit_worker_core_contract.md and shared/templates/audit_worker_report_template.md.

Write report to {output_dir}/631-business-logic.md with category: "Business Logic Focus" and checks: framework_tests, orm_tests, crypto_tests, jwt_tests, http_client_tests, react_hooks_tests.

Return summary to coordinator:

Report written: docs/project/.audit/ln-630/{YYYY-MM-DD}/631-business-logic.md
Score: X.X/10 | Issues: N (C:N H:N M:N L:N)

Critical Rules

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

Do not auto-fix: Report only
Framework-specific patterns: Match detection patterns to project's actual tech stack
Effort realism: S = <1h, M = 1-4h, L = >4h
Context-aware: Custom wrappers around libraries (e.g., custom hook using useState) are OUR code — do not flag
Exclude test helpers: Do not flag shared test utilities that import libraries for mocking setup

Definition of Done

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

contextStore parsed successfully (including output_dir)
All 6 checks completed (framework, ORM, crypto, JWT, HTTP client, React hooks)
Findings collected with severity, location, effort, recommendation
Score calculated using penalty algorithm
Report written to {output_dir}/631-business-logic.md (atomic single Write call)
Summary returned to coordinator

Reference Files

Audit output schema: shared/references/audit_output_schema.md

Version: 3.0.0 Last Updated: 2025-12-23

Weekly Installs

172

Repository

levnikolaevich/…e-skills

GitHub Stars

253

First Seen

Jan 24, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

claude-code157

cursor153

opencode153

codex152

gemini-cli152

github-copilot146

Skills CLI 使用指南：AI Agent 技能包管理器安装与管理教程

33,600 周安装

业务逻辑测试审计器：自动化检测框架库测试，提升测试代码质量

🇨🇳中文介绍

业务逻辑聚焦审计器 (L3 Worker)

目的与范围

输入（来自协调器）

相关 Skills

工作流程

审计规则

1. 框架测试检测

2. ORM/数据库库测试

3. 加密/哈希库测试

4. JWT/令牌库测试

5. HTTP 客户端库测试

6. React Hooks/框架测试

评分算法

输出格式

关键规则

完成定义

参考文件

🇺🇸English

Business Logic Focus Auditor (L3 Worker)

Purpose & Scope

Inputs (from Coordinator)

Workflow

Audit Rules

1. Framework Tests Detection

2. ORM/Database Library Tests

3. Crypto/Hashing Library Tests

4. JWT/Token Library Tests

5. HTTP Client Library Tests

6. React Hooks/Framework Tests

Scoring Algorithm

Output Format

Critical Rules

Definition of Done

Reference Files

最新 Skills