ln-631-test-business-logic-auditor
npx skills add https://github.com/levnikolaevich/claude-code-skills --skill ln-631-test-business-logic-auditor
Skill documentation
Paths: File paths (shared/, references/, ../ln-*) are relative to skills repo root. If not found at CWD, locate this SKILL.md directory and go up one level for repo root.
Business Logic Focus Auditor (L3 Worker)
Specialized worker auditing tests for Business Logic Focus (Category 1).
Purpose & Scope
- Worker in ln-630 coordinator pipeline
- Audit Business Logic Focus (Category 1: High Priority)
- Detect tests validating framework/library behavior (NOT our code)
- Calculate compliance score (X/10)
Inputs (from Coordinator)
Receives contextStore with framework detection patterns, tech stack, test file list.
Workflow
- Parse context
- Scan test files for framework/library tests
- Collect findings
- Calculate score
- Return JSON
Audit Rules
1. Framework Tests Detection
What: Tests validating framework behavior (Express, Fastify, Koa) instead of OUR business logic
Detection Patterns:
- (express|fastify|koa).(use|get|post|put|delete|patch)
- Test names: “middleware is called”, “route handler works”, “Express app listens”
Severity: MEDIUM
Recommendation: DELETE - framework already tested by maintainers
Effort: S (delete test file or test block)
2. ORM/Database Library Tests
What: Tests validating Prisma/Mongoose/Sequelize/TypeORM behavior
Detection Patterns:
- (prisma|mongoose|sequelize|typeorm).(find|findMany|create|update|delete|upsert)
- Test names: “Prisma findMany returns array”, “Mongoose save works”
Severity: MEDIUM
Recommendation: DELETE - ORM already tested
Effort: S
3. Crypto/Hashing Library Tests
What: Tests validating bcrypt/argon2 hashing behavior
Detection Patterns:
- (bcrypt|argon2).(hash|compare|verify|hashSync)
- Test names: “bcrypt hashes password”, “argon2 compares correctly”
Severity: MEDIUM
Recommendation: DELETE - crypto libraries already tested
Effort: S
4. JWT/Token Library Tests
What: Tests validating JWT signing/verification
Detection Patterns:
- (jwt|jsonwebtoken).(sign|verify|decode)
- Test names: “JWT signs token”, “JWT verifies signature”
Severity: MEDIUM
Recommendation: DELETE - JWT library already tested
Effort: S
5. HTTP Client Library Tests
What: Tests validating axios/fetch/got behavior
Detection Patterns:
- (axios|fetch|got|request).(get|post|put|delete|patch)
- Test names: “axios makes GET request”, “fetch returns data”
Severity: MEDIUM
Recommendation: DELETE - HTTP clients already tested
Effort: S
6. React Hooks/Framework Tests
What: Tests validating React hooks behavior (useState, useEffect, etc.)
Detection Patterns:
- (useState|useEffect|useContext|useReducer|useMemo|useCallback)
- Test names: “useState updates state”, “useEffect runs on mount”
Severity: LOW (acceptable if testing OUR custom hook logic)
Recommendation: REVIEW - if testing framework behavior → DELETE; if testing custom hook → KEEP
Effort: S-M
Scoring Algorithm
MANDATORY READ: Load shared/references/audit_scoring.md for unified scoring formula.
Output Format
Return JSON to coordinator:
{
  "category": "Business Logic Focus",
  "score": 7,
  "total_issues": 12,
  "critical": 0,
  "high": 0,
  "medium": 10,
  "low": 2,
  "checks": [
    {"id": "framework_tests", "name": "Framework Tests Detection", "status": "failed", "details": "Found 6 tests validating Express/Fastify behavior"},
    {"id": "orm_tests", "name": "ORM Library Tests", "status": "warning", "details": "Found 4 Prisma validation tests"},
    {"id": "business_logic_coverage", "name": "Business Logic Coverage", "status": "passed", "details": "Core business logic properly tested"}
  ],
  "findings": [
    {
      "severity": "MEDIUM",
      "location": "auth.test.ts:45-52",
      "issue": "Test 'bcrypt hashes password' validates library behavior, not OUR code",
      "principle": "Business Logic Focus / Framework Testing",
      "recommendation": "Delete test - bcrypt already tested by maintainers",
      "effort": "S"
    },
    {
      "severity": "MEDIUM",
      "location": "db.test.ts:78-85",
      "issue": "Test 'Prisma findMany returns array' validates ORM behavior, not OUR query logic",
      "principle": "Business Logic Focus / ORM Testing",
      "recommendation": "Delete test - Prisma already tested",
      "effort": "S"
    }
  ]
}
Critical Rules
- Do not auto-fix: Report only
- Framework-specific patterns: Match detection patterns to project’s actual tech stack
- Effort realism: S = <1h, M = 1-4h, L = >4h
- Context-aware: Custom wrappers around libraries (e.g., custom hook using useState) are OUR code - do not flag
- Exclude test helpers: Do not flag shared test utilities that import libraries for mocking setup
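An added example (not the skill's own code) of applying the Audit Rules patterns together with the context-aware and helper-exclusion rules to one test file, emitting findings in the shape shown under Output Format. The helper-path regex, the relative-import heuristic for "OUR code", and the sample file are assumptions; the score is left out because its formula is defined in shared/references/audit_scoring.md.

```javascript
// Added example: RULES restate the page's patterns; HELPER_PATH and the "our imports" check are assumptions.
const RULES = [ // [name, severity, recommendation, effort, pattern]; dot escaped to mean member access
  ["Framework Tests", "MEDIUM", "DELETE", "S", /\b(express|fastify|koa)\.(use|get|post|put|delete|patch)\b/],
  ["ORM/Database Library Tests", "MEDIUM", "DELETE", "S", /\b(prisma|mongoose|sequelize|typeorm)\.(find|findMany|create|update|delete|upsert)\b/],
  ["Crypto/Hashing Library Tests", "MEDIUM", "DELETE", "S", /\b(bcrypt|argon2)\.(hash|compare|verify|hashSync)\b/],
  ["JWT/Token Library Tests", "MEDIUM", "DELETE", "S", /\b(jwt|jsonwebtoken)\.(sign|verify|decode)\b/],
  ["HTTP Client Library Tests", "MEDIUM", "DELETE", "S", /\b(axios|fetch|got|request)\.(get|post|put|delete|patch)\b/],
  ["React Hooks/Framework Tests", "LOW", "REVIEW", "S-M", /\b(useState|useEffect|useContext|useReducer|useMemo|useCallback)\b/],
];
const HELPER_PATH = /(^|\/)(helpers?|mocks?|fixtures|setup)(\/|\.)/i; // assumed naming convention
function localImports(src) { // identifiers imported from relative paths count as OUR code
  const re = /import\s+(?:\{([^}]*)\}|([\w$]+))\s+from\s+["']\.{1,2}\/[^"']*["']/g;
  return [...src.matchAll(re)].flatMap((m) =>
    (m[1] || m[2]).split(",").map((n) => n.trim().split(/\s+as\s+/).pop()).filter(Boolean));
}
function auditTestFile(path, src) {
  if (HELPER_PATH.test(path)) return []; // shared test utilities are not flagged
  const ours = localImports(src);
  const starts = [...src.matchAll(/^[ \t]*(?:it|test)\(\s*(["'`])(.*?)\1/gm)];
  return starts.flatMap((m, i) => {
    const end = i + 1 < starts.length ? starts[i + 1].index : src.length;
    const body = src.slice(m.index, end); // runs to the next test start or EOF
    const words = new Set(body.split(/[^\w$]+/));
    if (ours.some((id) => words.has(id))) return []; // test exercises our code: keep it
    const rule = RULES.find((r) => r[4].test(body));
    if (!rule) return [];
    const first = src.slice(0, m.index).split("\n").length;
    const last = first + body.trimEnd().split("\n").length - 1;
    return [{ severity: rule[1], location: `${path}:${first}-${last}`,
      issue: `Test '${m[2]}' matches "${rule[0]}" and calls none of OUR imported modules`,
      principle: "Business Logic Focus", recommendation: rule[2], effort: rule[3] }];
  });
}
// Constructed sample test file (not from a real project).
const SAMPLE = `import bcrypt from "bcrypt";
import jwt from "jsonwebtoken";
import { registerUser } from "../src/auth";
test("bcrypt hashes password", async () => {
  expect(await bcrypt.hash("pw", 10)).not.toBe("pw");
});
test("registerUser stores a hash", async () => {
  const user = await registerUser("a@example.test", "pw");
  expect(await bcrypt.compare("pw", user.passwordHash)).toBe(true);
});
test("JWT signs token", () => {
  expect(jwt.sign({ sub: 1 }, "k")).toBeTruthy();
});
`;
console.log(JSON.stringify(auditTestFile("auth.test.ts", SAMPLE), null, 2));
```

The second test also calls bcrypt.compare but is kept because it goes through registerUser, which is the distinction the context-aware rule asks for. Splitting on test( is a line heuristic rather than a parser, so the last test's range can include a closing describe block.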
Definition of Done
- contextStore parsed (tech_stack, framework detection patterns, test file list)
- All 6 checks completed (framework, ORM, crypto, JWT, HTTP client, React hooks)
- Findings collected with severity, location, effort, recommendation
- Score calculated per shared/references/audit_scoring.md
- JSON returned to coordinator
Reference Files
- Audit scoring formula: shared/references/audit_scoring.md
- Audit output schema: shared/references/audit_output_schema.md
Version: 3.0.0 Last Updated: 2025-12-23