AgentSkillsCN

Verification

验证环节。

SKILL.md

Skill: verification (Cross-cutting — Run/Check Before “Done”)

You are performing verification of changes before declaring a task/feature complete.

This skill standardizes the minimum checks to reduce “it works on my machine” failures across:

  • Django + DRF backend
  • Next.js frontend
  • Postgres migrations
  • Auth + CORS
  • API/Frontend contract alignment

When to use this skill

Use this skill whenever:

  • You changed code (frontend or backend)
  • You introduced/changed an API endpoint or contract
  • You changed a model or migrations
  • You touched auth, permissions, CORS, or environment variables

Inputs

  • The implemented code changes
  • docs/features/<feature-slug>/02-design.md (expected behavior/contracts)
  • docs/features/<feature-slug>/03-implementation-notes.md (what you claim you changed)

Output expectations

In docs/features/<feature-slug>/03-implementation-notes.md (or your response if not using artifacts), include:

  • What you actually verified (explicit)
  • Commands you ran (or commands to run if you did not run them)
  • Any known gaps (e.g., “tests not run: reason”)

Hard rules

  • Do NOT claim verification you did not perform.
  • Prefer the smallest set of checks that gives high confidence.
  • Verification must cover the changed surface area.

Verification levels (choose appropriately)

Level 0 — Trivial doc-only change

  • Confirm docs render and links are valid.

Level 1 — Smoke (default for most PR-sized changes)

Goal: prove app boots, core path works, and no obvious breakage.

Level 2 — Targeted tests

Goal: add confidence for logic-heavy changes, auth, migrations, and contracts.

Level 3 — Full suite (when risk is high)

Goal: run the full test/lint/typecheck suite(s) if they exist.

Minimum smoke checklist (Level 1)

Backend (Django/DRF)

  • Server boots (no startup exceptions).
  • Any new/changed endpoint responds correctly for:
    • happy path
    • at least one expected error case (400/401/403/404 depending)
  • Auth expectations match the contract:
    • unauth endpoints are unauth
    • protected endpoints require auth
  • CORS behavior is correct for browser calls (no CORS errors when using expected origins).

Database & migrations

  • If models changed:
    • migration files exist and are sane
    • migration plan is safe (see skills/migrations-data-model-changes/skill.md)
  • If you applied migrations locally, record that.
  • If you did not apply migrations locally, state that and provide the exact command(s).

Frontend (Next.js)

  • App boots.
  • Core UI path related to the change renders without runtime errors.
  • Browser-side API call path works (when relevant), including auth headers and error states.

Contracts (FE/BE)

  • Confirm request/response fields used by the frontend match what the backend returns.
  • Confirm error shapes used by the frontend match what the backend returns.

Targeted verification (Level 2) — What to add when relevant

Auth / Permissions / Security

  • Attempt an authz bypass scenario relevant to the change.
  • Confirm 401 vs 403 semantics are correct.
  • Confirm token refresh flow does not loop or deadlock (if applicable).

Migrations / Backfills

  • Verify on a representative dataset size if possible.
  • Ensure backfills are idempotent and chunkable.
  • Call out locking risk and rollback plan.

Forms & validation

  • Confirm server-side validation errors are surfaced.
  • Confirm frontend handles validation errors gracefully.

Tooling checks (run when available and relevant)

  • Backend: tests, lint, formatting (if configured)
  • Frontend: lint, typecheck, unit tests (if configured)

If the repo lacks these checks, do not invent them; document the gap.

Reporting template (copy into implementation notes)

  • Verified:
    • Backend: <what you ran / checked>
    • Frontend: <what you ran / checked>
    • Migrations: <generated/applied/deferred>
    • Contracts: <what you compared>
  • Commands run:
    • <commands>
  • Not run (and why):
    • <gaps>
  • Smoke steps performed:
    • <manual steps>