{"id":"751862d7-9111-4455-b7aa-432af6750841","shortId":"PbTKmz","kind":"skill","title":"fortify","tagline":"Fortify existing code by splitting large functions, adding edge-case coverage, and backfilling unit tests. Use when user asks to \"fortify\", \"harden\", \"bulletproof\", \"make robust\", \"make solid\", \"strengthen\", \"add missing tests\", \"split functions\", or wants to improve reliability ","description":"# Fortify\n\nTarget: $ARGUMENTS (file, directory, or module — if blank, use unstaged changes)\n\n## Pre-loaded context\n\n- Unstaged changes: !`git diff --name-only`\n\nBefore proceeding, use the Read tool to read `package.json` (for test runner config).\n\n## Workflow\n\n### 1. Scope\n\nIdentify target files. If $ARGUMENTS is blank, use unstaged changed files.\n\n- Read each target file\n- Read its existing test file (co-located `*.test.ts` or `__tests__/`)\n- If no test file exists, note it\n\n### 2. Audit\n\nFor each file, list findings in three buckets:\n\n| Bucket | What to look for |\n|---|---|\n| **Split** | Functions > 20 lines, multiple responsibilities, deeply nested logic (> 2 levels), God functions doing I/O + logic |\n| **Edge cases** | Missing null/empty/boundary checks at system boundaries, unhandled error paths, implicit assumptions |\n| **Test gaps** | Untested public functions, branches with no coverage, missing sad-path tests |\n\nPresent the audit as a checklist. Ask **\"Which items should I address?\"** — list each finding as an option, with \"All items\" as first option marked (Recommended). Use AskUserQuestion (multiSelect) when available; otherwise present as a numbered checklist.\n\n### 3. Harden (TDD loop per item)\n\nFor each approved item, apply red-green-refactor:\n\n```\nRED:    Write a failing test that exposes the gap\nGREEN:  Minimal code change to pass\nREFACTOR: Extract/simplify if the fix introduced complexity\n```\n\nOne item at a time. Run tests after each cycle. Never batch.\n\n**Splitting rules:**\n- Extract pure logic into named helpers — keep I/O at the edges\n- New functions must be testable through public interface when possible\n- Preserve the original function's signature (no breaking changes)\n\n**Test rules:**\n- Test behavior, not implementation\n- Each test gets a descriptive name: `it('returns empty array when input is null')`\n- Prefer real values over mocks; mock only external I/O\n\n### 4. Verify\n\n- Run full test suite\n- Confirm no regressions\n- Report summary: items addressed, tests added, functions extracted\n\n## Output format\n\n```\n## Fortify Report\n\n### Audit\n- [ ] Split: `processOrder` (45 lines, validation + persistence + notification)\n- [ ] Edge: `parseConfig` — no handling for missing file\n- [ ] Test: `formatOutput` — zero test coverage\n\n### Changes\n- Extracted `validateOrder()` from `processOrder()` (+1 fn, +3 tests)\n- Added null-guard to `parseConfig` (+2 tests)\n- Backfilled `formatOutput` tests (+4 tests)\n\n### Result\nTests: 42 passed (was 35) | 0 failed\n```\n\n## Anti-Rationalization\n\n| Excuse | Rebuttal |\n|---|---|\n| \"This function is fine at 40 lines\" | If it has multiple responsibilities, split it. Length is a smell, not the rule. |\n| \"No one will pass null here\" | System boundaries surprise you. Guard at the edges. |\n| \"It's internal code, no tests needed\" | Internal code breaks too. If it has logic, it needs a test. |\n| \"Adding tests will slow us down\" | Backfilling tests now is cheaper than debugging regressions later. |\n| \"The happy path covers it\" | Bugs live in sad paths. Test the errors, the empties, the boundaries. |\n| \"I'll harden it in a follow-up\" | Follow-ups never happen. Harden now or accept the risk explicitly. |\n\n## Rules\n\n- Never change external behavior — hardening is internal improvement\n- If splitting a function would require changing its public API, flag it and ask before proceeding\n- Always run tests between items — stop if anything breaks\n- Skip files with zero test infrastructure unless user explicitly asks to set it up\n\n## Error Handling\n\n- If no test runner found → ask user which runner to use before proceeding\n- If test suite fails before hardening → report failures and stop; don't harden broken code\n- If a split introduces a regression → revert that split immediately, note it as blocked\n- If target file has no exports (script/entrypoint) → audit only, skip test backfill unless user confirms","tags":["fortify","agent","skills","helderberto","agent-skills","ai-tools","antigravity","claude-code","cursor","developer-tools","gemini-cli","markdown"],"capabilities":["skill","source-helderberto","skill-fortify","topic-agent-skills","topic-ai-tools","topic-antigravity","topic-claude-code","topic-cursor","topic-developer-tools","topic-gemini-cli","topic-markdown","topic-plugin","topic-sdlc","topic-skills","topic-tracer-bullet"],"categories":["agent-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/helderberto/agent-skills/fortify","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add helderberto/agent-skills","source_repo":"https://github.com/helderberto/agent-skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (3,895 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:09:13.418Z","embedding":null,"createdAt":"2026-05-18T13:14:53.483Z","updatedAt":"2026-05-18T19:09:13.418Z","lastSeenAt":"2026-05-18T19:09:13.418Z","tsv":"'+1':364 '+2':374 '+3':366 '+4':379 '0':387 '1':78 '2':113,137 '20':130 '3':208 '35':386 '4':318 '40':399 '42':383 '45':342 'accept':497 'ad':9,332,368,448 'add':31 'address':182,330 'alway':526 'anti':390 'anti-ration':389 'anyth':533 'api':519 'appli':218 'approv':216 'argument':43,84 'array':304 'ask':21,177,523,544,556 'askuserquest':198 'assumpt':156 'audit':114,173,339,600 'avail':201 'backfil':15,376,454,604 'batch':256 'behavior':292,505 'blank':49,86 'block':592 'boundari':151,422,479 'branch':162 'break':287,438,534 'broken':577 'bucket':122,123 'bug':468 'bulletproof':25 'case':12,145 'chang':52,58,89,235,288,359,503,516 'cheaper':458 'check':148 'checklist':176,207 'co':101 'co-loc':100 'code':4,234,432,437,578 'complex':244 'config':76 'confirm':324,607 'context':56 'cover':466 'coverag':13,165,358 'cycl':254 'debug':460 'deepli':134 'descript':299 'diff':60 'directori':45 'edg':11,144,269,347,428 'edge-cas':10 'empti':303,477 'error':153,475,549 'excus':392 'exist':3,97,110 'explicit':500,543 'export':598 'expos':229 'extern':316,504 'extract':259,334,360 'extract/simplify':239 'fail':226,388,567 'failur':571 'file':44,82,90,94,99,109,117,353,536,595 'find':119,185 'fine':397 'first':193 'fix':242 'flag':520 'fn':365 'follow':487,490 'follow-up':486,489 'format':336 'formatoutput':355,377 'fortifi':1,2,23,41,337 'found':555 'full':321 'function':8,35,129,140,161,271,283,333,395,513 'gap':158,231 'get':297 'git':59 'god':139 'green':221,232 'guard':371,425 'handl':350,550 'happen':493 'happi':464 'harden':24,209,482,494,506,569,576 'helper':264 'i/o':142,266,317 'identifi':80 'immedi':588 'implement':294 'implicit':155 'improv':39,509 'infrastructur':540 'input':306 'interfac':277 'intern':431,436,508 'introduc':243,582 'item':179,191,213,217,246,329,530 'keep':265 'larg':7 'later':462 'length':408 'level':138 'line':131,343,400 'list':118,183 'live':469 'll':481 'load':55 'locat':102 'logic':136,143,261,443 'look':126 'loop':211 'make':26,28 'mark':195 'minim':233 'miss':32,146,166,352 'mock':313,314 'modul':47 'multipl':132,404 'multiselect':199 'must':272 'name':62,263,300 'name-on':61 'need':435,445 'nest':135 'never':255,492,502 'new':270 'note':111,589 'notif':346 'null':308,370,419 'null-guard':369 'null/empty/boundary':147 'number':206 'one':245,416 'option':188,194 'origin':282 'otherwis':202 'output':335 'package.json':72 'parseconfig':348,373 'pass':237,384,418 'path':154,169,465,472 'per':212 'persist':345 'possibl':279 'pre':54 'pre-load':53 'prefer':309 'present':171,203 'preserv':280 'proceed':65,525,563 'processord':341,363 'public':160,276,518 'pure':260 'ration':391 'read':68,71,91,95 'real':310 'rebutt':393 'recommend':196 'red':220,223 'red-green-refactor':219 'refactor':222,238 'regress':326,461,584 'reliabl':40 'report':327,338,570 'requir':515 'respons':133,405 'result':381 'return':302 'revert':585 'risk':499 'robust':27 'rule':258,290,414,501 'run':250,320,527 'runner':75,554,559 'sad':168,471 'sad-path':167 'scope':79 'script/entrypoint':599 'set':546 'signatur':285 'skill' 'skill-fortify' 'skip':535,602 'slow':451 'smell':411 'solid':29 'source-helderberto' 'split':6,34,128,257,340,406,511,581,587 'stop':531,573 'strengthen':30 'suit':323,566 'summari':328 'surpris':423 'system':150,421 'target':42,81,93,594 'tdd':210 'test':17,33,74,98,105,108,157,170,227,251,289,291,296,322,331,354,357,367,375,378,380,382,434,447,449,455,473,528,539,553,565,603 'test.ts':103 'testabl':274 'three':121 'time':249 'tool':69 'topic-agent-skills' 'topic-ai-tools' 'topic-antigravity' 'topic-claude-code' 'topic-cursor' 'topic-developer-tools' 'topic-gemini-cli' 'topic-markdown' 'topic-plugin' 'topic-sdlc' 'topic-skills' 'topic-tracer-bullet' 'unhandl':152 'unit':16 'unless':541,605 'unstag':51,57,88 'untest':159 'up':491 'us':452 'use':18,50,66,87,197,561 'user':20,542,557,606 'valid':344 'validateord':361 'valu':311 'verifi':319 'want':37 'workflow':77 'would':514 'write':224 'zero':356,538","prices":[{"id":"8dd025f2-7829-4179-bfa8-6e84a18d6de0","listingId":"751862d7-9111-4455-b7aa-432af6750841","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"helderberto","category":"agent-skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:14:53.483Z"}],"sources":[{"listingId":"751862d7-9111-4455-b7aa-432af6750841","source":"github","sourceId":"helderberto/agent-skills/fortify","sourceUrl":"https://github.com/helderberto/agent-skills/tree/main/skills/fortify","isPrimary":false,"firstSeenAt":"2026-05-18T13:14:53.483Z","lastSeenAt":"2026-05-18T19:09:13.418Z"}],"details":{"listingId":"751862d7-9111-4455-b7aa-432af6750841","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"helderberto","slug":"fortify","github":{"repo":"helderberto/agent-skills","stars":8,"topics":["agent-skills","ai","ai-tools","antigravity","claude-code","cursor","developer-tools","gemini-cli","markdown","plugin","sdlc","skills","tracer-bullet"],"license":"mit","html_url":"https://github.com/helderberto/agent-skills","pushed_at":"2026-05-14T11:37:47Z","description":"My personal SDLC toolbelt for AI coding agents — PRD to ship.","skill_md_sha":"1b5dfe3b707753b987dd0e45536897840c6f6b3c","skill_md_path":"skills/fortify/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/helderberto/agent-skills/tree/main/skills/fortify"},"layout":"multi","source":"github","category":"agent-skills","frontmatter":{"name":"fortify","description":"Fortify existing code by splitting large functions, adding edge-case coverage, and backfilling unit tests. Use when user asks to \"fortify\", \"harden\", \"bulletproof\", \"make robust\", \"make solid\", \"strengthen\", \"add missing tests\", \"split functions\", or wants to improve reliability of existing code. Don't use for new features (use tdd), refactoring plans (use refactor-plan), or code review (use code-review)."},"skills_sh_url":"https://skills.sh/helderberto/agent-skills/fortify"},"updatedAt":"2026-05-18T19:09:13.418Z"}}