Testing Foundations with pytest

1. A teammate says: “I only write tests after I finish all my code, to check for bugs.” What is the main limitation of this approach?

• There is no real limitation — writing tests after code is the industry standard, and the test suite ends up identical either way since you cover the same behaviors

  This claim ignores the order in which tests are written. Tests written after the code reflect what the code happens to do — including any bugs the author baked in. Tests written before (or alongside) reflect what the code should do. The two suites look identical only when the implementation already happens to be correct.

• Post-hoc tests verify what you think the code does, not what it should do. They also can’t guide your design during development

  Exactly. Post-hoc tests are written against code that already exists, so they can only confirm what the implementation does — including any bugs baked in. They also can’t guide design during development that already happened.

• Writing tests afterward is fine as long as you achieve 100% coverage, which ensures all behavior is verified

  Coverage measures which lines ran, not whether their behavior was checked. A weak oracle (assert result is not None) hits 100% coverage and verifies almost nothing. You’ll see this exact failure mode in Step 3.

• The main problem is that it takes slightly longer because you have to context-switch back to code you already wrote

  Context-switching is a minor cost compared with the real issue — post-hoc tests can only confirm your implementation matches itself, not that it matches the spec. They also can’t act as a safety net during the development that already happened.

2. What does this code do?

assert len(result) == 3, "Expected 3 items"

• It prints ‘Expected 3 items’ to the console, then continues execution normally

  assert is not a print statement. The string after the comma is the failure message — it only appears when the assertion is False and Python raises an AssertionError.

• It checks that result has 3 elements; if not, it raises an AssertionError with the message

  Right. The condition is evaluated; if True, execution continues silently. If False, Python raises AssertionError with the message string as the error detail.

• It creates a new list called result and populates it with exactly 3 items

  assert doesn’t create or modify variables — it just evaluates a condition. The result here must already exist when assert runs, or you’d get a NameError first.

• It evaluates the condition but silently continues even if the condition is False

  A False assertion does not silently continue — it raises AssertionError. (Python’s -O flag does strip asserts, but in normal execution they always raise on failure.)

3. Dijkstra wrote: “Testing can show the presence of bugs, but never their absence.” Applied to automated test suites, this means:

• Tests are only useful if you already suspect a bug — otherwise they’re wasted effort

  Tests aren’t just useful when you already suspect a bug — they document expected behavior and catch regressions you didn’t anticipate. The Dijkstra quote is about the ceiling of what tests guarantee, not about when to bother writing them.

• Passing tests confirm that tested behaviors work as specified, but cannot rule out bugs in untested behaviors or inputs

  Exactly. Passing tests show the tested behaviors work as specified. They cannot show that untested behaviors work — the guarantee only extends as far as the suite covers.

• If all tests pass, the code is safe to deploy without further review

  Even with a full passing suite, untested behaviors could still harbor bugs. Tests prove only what they test. Code review, static analysis, and other practices complement testing precisely because no suite is exhaustive.

• Tests guarantee correctness once you reach 100% line coverage

  Coverage measures which lines ran, not whether their behavior was verified. Full coverage with weak oracles (is not None everywhere) passes for almost any return value and proves almost nothing. Dijkstra’s quote applies regardless of coverage level.

4. The “safety net” metaphor for testing means:

• Tests should be run automatically on every commit, like a security camera scanning each code change

  This describes continuous integration (running tests automatically on every commit) — that’s about the trigger, not the metaphor. The safety-net image is about what each passing test does for you: it stays in place to catch later breakage.

• Each passing test stays in place to catch regressions — you can refactor and add features fearlessly because the net catches breakage

  Right. Each passing test permanently guards that behavior against future regressions — that’s the safety net. If a future change breaks a guarded behavior, the test fails before users feel it.

• You should aim for 100% test coverage as a safety baseline before each release

  The safety-net image isn’t about a coverage number. A test suite with 100% line coverage but weak oracles is full of holes; a smaller suite with strong oracles on the critical paths is a tighter net. Coverage and the safety-net principle are different ideas (more in Step 4).

• Tests should be written in a strict mechanical order: unit tests first, then integration, then end-to-end

  This describes the testing pyramid (a way of layering test types), not the safety-net metaphor. The safety net is about passing tests as permanent guards against regression, regardless of what level of the pyramid they sit at.

1. Which file name will pytest automatically discover as a test file?

• testing_squad.py

  pytest discovers files starting with test_ (note the underscore) or ending with _test.py. testing_squad.py matches neither pattern — pytest will silently skip it.

• test_squad.py

  Correct. test_squad.py starts with test_ and ends with .py — it matches the discovery rule. Functions inside must also start with test_.

• check_squad.py

  There’s no convention check_* in pytest. The discovery rule is test_* prefix or *_test.py suffix only.

• squad_tests.py

  Close — but pytest looks for *_test.py (singular) or test_* prefix. squad_tests.py (plural “tests”) doesn’t match either.

2. A spec reads: “A discount applies for orders of strictly more than $50 and up to $500 inclusive.” Which four values are the most important boundaries to test?

• $0, $50, $100, $500 — round numbers at each end of the range

  $0 and $100 sit deep inside the no-discount and yes-discount partitions — they don’t pin down where the boundaries are. The spec defines the discount cutoffs at $50 (> flips) and $500 (≤ flips); your boundary tests must straddle those exact values.

• $50, $51, $500, $501 — one on each side of each boundary (just-below and just-above)

  Correct. $50/$51 straddles the > $50 flip and $500/$501 straddles the ≤ $500 flip — one just-below and one at-or-just-above each boundary, which is exactly where > vs >= bugs surface.

• $1, $25, $250, $1000 — one sample from each quartile to get wide coverage

  This is “spread your bets across the input range” — useful for a smoke test, useless for catching off-by-one bugs. Off-by-one bugs only manifest at the boundary itself; quartile samples will all behave correctly even when the comparison operator is wrong.

• $49.99, $50.01, $499.99, $500.01 — cents around each boundary to check decimal precision

  Decimal-precision boundaries are a separate class of bug (and rarely the dominant risk for whole-dollar specs). The primary off-by-one risk is > vs >= and <= vs <, which lives at the integer boundary. Test 50/51 and 500/501 first; reach for cents only if the spec actually distinguishes them.

3. A developer’s test suite has 12 tests for squad_name_valid. Every test uses a name of length 5, 6, 7, or 8. All tests pass. Can you trust the suite?

• Yes — 12 tests is plenty of coverage, and they all exercise the function with realistic inputs

  Test count is not a measure of test quality. 12 tests in the same partition is roughly equivalent to one test repeated 12 times — they all hit the same code path and miss the same bugs. One boundary test catches more than ten middle-of-partition tests.

• No — every test is in the middle of the same partition. Boundaries (2, 3, 12, 13) and invalid inputs are untested, so off-by-one bugs would slip through

  Right. All 12 tests cluster in the middle of the valid partition (lengths 5–8). The boundaries at 2, 3, 12, and 13 are entirely untested — a len < 12 bug instead of len <= 12 would pass every test and slip to production.

• Yes — as long as the tests pass, the function is guaranteed correct for all inputs in the tested range

  Passing tests prove the function works for the inputs tested, never for inputs the suite never exercises. The classic boundary bug at length 12 (len < 12 instead of len <= 12) sits exactly in the gap this suite leaves uncovered.

• No — 12 tests is too few for any real function; you need at least 50 tests to be confident

  There’s no magic test-count threshold for confidence. A 5-test suite with one test per partition + boundary will catch more bugs than a 50-test suite that all clusters in the middle. Quality of input choice beats quantity.

4. An equivalence partition is:

• A set of inputs that the function processes in parallel on multi-core hardware

  This is conflating partition (a testing concept — a group of inputs with the same expected behavior) with parallelism (a runtime concept — work happening simultaneously). The two ideas have nothing in common; the word “partition” is overloaded across CS subfields.

• A set of inputs that should all produce the same kind of behavior, so one representative usually suffices for the middle of the set

  Correct. Inputs that all produce the same kind of behavior form one equivalence partition — testing one representative per partition is enough for the middle, and you spend your test budget on the boundaries between partitions.

• A set of inputs that are mathematically equal (e.g., 1.0 and 1)

  Mathematical equality (1.0 == 1) is about value, not about behavioral expectation. Equivalence partitioning groups inputs that should behave the same under the function — different values can still be in the same partition (e.g. "alice" and "bob" are both length-5 valid usernames).

• A sub-range of inputs created by dividing the domain into equal-sized chunks

  This describes equal-width binning (a statistics concept). Equivalence partitions are defined by behavioral boundary — wherever the function’s output classification flips — not by chopping the domain into uniform chunks.

5. (Spaced review — Step 1) Recall the bug in streak_badge: days > 100 instead of days >= 100. Classify this bug.

• A type error — days should be a float but is being compared as an integer

  The type is not the issue here: days is compared as an integer in both the spec (>= 100) and the buggy code (> 100). The bug is in the comparison operator.

• A boundary bug — it fails only at one exact value (100) on the edge between two partitions

  Correct. The bug only surfaces at exactly days == 100 — the single boundary value where the > 100 operator gives the wrong answer. That one-specific-value signature is the definition of a boundary bug.

• A logic error — the wrong branch of the if statement is being taken

  It’s tempting to call any wrong-if bug a logic error, but that’s too coarse. Boundary bug is the more precise classification: this bug only manifests at one specific value (100), which is the diagnostic signature of a > vs >= mistake. That precision is what this step is about.

• A regression — the function worked correctly before someone introduced the bug

  Regression describes how a bug enters a codebase (re-introducing something previously fixed), not what kind of bug it is. The bug here might or might not be a regression — but its type is a boundary bug.

1. Two tests check the same build_loot_card call. Which assertion is strongest (most likely to catch a bug)? A.

def test_a():
    result = build_loot_card("Healing Potion", 3, "common")
    assert "name" in result

def test_b():
    result = build_loot_card("Healing Potion", 3, "common")
    assert result == {
        "name": "Healing Potion", "qty": 3, "rarity": "common",
        "label": "3× Common Healing Potion", "is_rare": False,
    }

• A — checking presence is more flexible because it doesn’t break on output changes

  Flexibility-to-future-changes is exactly the wrong success criterion. A should fail when qty, rarity, label, or is_rare is wrong — but it doesn’t, because the assertion only references name. The reason A ‘survives’ is that it’s verifying almost nothing, not that it’s well-designed.

• B — it pins every spec-mandated field. A passes for any dict with a name key, including completely wrong contents

  Right. B is the strong oracle: only the exact spec-mandated dict satisfies it. A is the presence weak oracle: any dict with a name key — including {"name": "Wrong", "qty": 0, ...} — passes. Liar-test territory.

• Both are equally strong — both succeed for the correct call

  Two assertions on the same call can differ wildly in bug-catching power. A passes for thousands of wrong dicts; B passes for exactly one (the correct one). ‘Both succeed for the correct call’ just means both don’t false-positive — it doesn’t mean both catch bugs.

• Neither — strong oracles always need multiple assert statements, not a single ==

  Strong oracles aren’t about count of assertions — they’re about precision. One precise assert result == {...} pins the entire output exactly. Adding more checks doesn’t strengthen the oracle; it just adds noise.

2. For build_loot_card("Excalibur", 1, "legendary"), which assertion is the weakest (catches the fewest bugs)?

• assert isinstance(result, dict)

  Right. isinstance(result, dict) is the type weak oracle — any dict at all passes, including {} and dicts with completely wrong values. It’s the canonical Liar test for dict-returning functions.

• assert result["is_rare"] is True

  This is the single-field weak oracle — better than isinstance (it at least checks one specific field), but the other four fields could all be wrong. Stronger than option 0, weaker than option 3.

• assert result == { ... } (full dict, all 5 fields)

  Full-dict equality is the strong oracle — only the exact spec-mandated dict satisfies it. (Step 4 will show the ceiling on this — but for now, this is the strongest of the four options.)

• assert result["name"] == "Excalibur" and result["qty"] == 1

  Two-field == is stronger than isinstance (which checks no values at all). It’s still weaker than full-dict equality because it lets rarity, label, and is_rare be wrong — but it’s not the weakest of the four.

3. (Spaced review — Step 2) A teammate writes assert squad_name_valid("epic") (no is True). The test passes against the current code. Why is this oracle still weak?

• It is not weak — the test passes, so the oracle is doing its job

  Currently passing is a weaker claim than correctly testing. A bare assert squad_name_valid("epic") passes today only because squad_name_valid happens to return True. The day someone refactors it to return the name string "epic" (still truthy!), the oracle will still pass — but now it’s verifying nothing meaningful. Same Liar-test family as the dict checks above.

• It is weak because it would also pass for any truthy return — 1, "yes", or even [1, 2] would all satisfy it. Use is True to pin the exact Boolean

  Right. A bare assert <expr> passes for any truthy return — 1, "epic", [True] would all pass, even though none of them are True. is True uses identity comparison and accepts only the True singleton. It’s the Boolean-return version of full-dict equality: pin the exact value.

• It is weak because pytest assertions need an explicit message string after the comma

  pytest assertion messages are optional. The oracle’s strength has nothing to do with whether you supplied a failure message; it has everything to do with which return values would fail the assertion. Bare assert <expr> is satisfied by every truthy value, which is the weakness here.

• It is weak because the input string is too short to be representative

  The input length isn’t the issue — "epic" is a perfectly valid length-4 input. The oracle weakness is structural: assert <expr> (no comparison) accepts any truthy return value, regardless of the input.

4. (Spaced review — Step 1) A passing test stays in the suite. Why?

• Symmetry — every code change should ship with a matching test addition or removal

  There’s no symmetry rule. The purpose of a test is to guard a specific behavior; the question is whether that behavior is still worth guarding (it almost always is). Symmetry between code changes and test deletions isn’t a real principle.

• Each passing test is a permanent guard against regressions: if a future change re-introduces the bug, the test fails before users see it

  Right. The safety-net idea from Step 1: each passing test stays in place to catch the regression no one anticipated. Delete the test and you cut a hole in the net at exactly the spot a future bug would land.

• Removing tests after a feature ships keeps the suite small and fast

  Speed is sometimes a reason to split test suites (fast unit tests vs. slow integration), but never a reason to delete a passing test that guards real behavior. The cost of running it is tiny; the cost of a regression slipping through is large.

• Tests get noisy over time and need to be deleted to keep the signal clean

  Test noise is a real problem, but the fix is usually to strengthen weak oracles or remove duplicates — not to delete passing tests for shipped behavior. A test guarding shipped behavior is the opposite of noise.

1. A UserProfile class stores user data. Two tests check that a name is stored after creation. Which test is more robust? Test A:

def test_a():
    profile = UserProfile("alice")
    assert profile._data["name"] == "alice"

def test_b():
    profile = UserProfile("alice")
    assert profile.get_name() == "alice"

• Test A — directly reading the storage is the most reliable way to verify the value was saved

  Direct storage access (_data) is exactly the brittleness we saw with _tracks. The underscore signals ‘implementation detail.’ The day someone renames _data to _store, or changes the structure, Test A breaks even though the observable behavior (you can retrieve the name you stored) is unchanged.

• Test B — it verifies behavior through the public API; Test A breaks if the storage key or structure changes internally

  Right. Test B verifies through the public contract (get_name()). Internal storage can be restructured freely without breaking it. Test A is coupled to _data — a pure rename breaks it even when behavior is unchanged.

• Both are equally robust since both assertions check the same underlying fact

  They differ fundamentally under refactoring. Test A is coupled to the dict structure _data["name"]. Test B is coupled only to the observable contract: ‘after creating a profile with “alice”, get_name() returns “alice”.’ One breaks during internal restructuring; the other survives it.

• Neither — storing a name should be tested by checking the return value of the constructor itself

  Constructors in Python return None. Testing through the constructor’s return value isn’t the right path. The observable behavior is what you can read back via the public interface — that’s what get_name() provides.

2. You refactor a function’s internal algorithm (from bubble sort to quicksort) without changing its return value. Two of your tests break. What does this tell you?

• The refactoring introduced a bug — changing the algorithm likely changed the output in a subtle way

  The premise of the question is “without changing its return value” — i.e., behavior is unchanged. So a behavior bug is ruled out. The test failures must be telling you something other than “the new code is wrong” — and that something is: the broken tests were verifying how the function works, not what it does.

• The broken tests are testing implementation details rather than behavior. They should be rewritten to assert on outputs

  Correct. Tests breaking on a pure refactor are the diagnostic signature of brittle tests — they’re coupled to the implementation (internal variable names, algorithm choice) rather than the observable behavior. Rewrite them; keep the refactor.

• You should revert the refactoring since passing tests must never be broken, even temporarily

  Reverting a sound refactor because the tests are too tightly coupled inverts who’s in charge. The refactor is correct; the tests are the problem. Keep the refactor, fix the tests to assert on observable behavior, and you end up with cleaner code and a stronger suite.

• The tests are too strict — you should lower the assertion precision or add tolerance margins

  Loosening assertions or adding tolerance is exactly the wrong direction — that hides the brittleness rather than fixing it. The tests aren’t too strict in what they assert; they’re asserting on the wrong thing (implementation, not behavior). Rewrite, don’t dilute.

3. A test you wrote needs 40 lines of setup code before the single assert statement. What is this test telling you?

• Nothing — large setups are fine as long as the assertion verifies the right thing in the end

  Tests are also a design signal, not just a verifier. A test that needs 40 lines of setup is shouting that the function under test has too many dependencies — every collaborator the function reaches forces a corresponding fixture. Ignoring the smell keeps the pain.

• The Arrange section is too big — this is the Excessive Setup smell, signaling that the production code has too many dependencies. Refactor the design

  Correct. Excessive Setup is a design smell pointing at the production code — too many dependencies crammed into one function. The test is feedback; the fix belongs in the production design, not in hiding the setup behind a helper.

• You should move the setup into a helper function so the test file looks shorter; the underlying design is fine

  A helper hides the smell without addressing it. The test file looks shorter, but the underlying coupling is unchanged — the helper just centralizes the setup-heavy fact. The right response is to listen to what the test is telling you about the production design.

• You should add more assertions to make the heavy setup feel justified — one assert is not enough for 40 lines of arrangement

  Adding more assertions doesn’t compensate for hard-to-arrange tests; it makes them slower to run, harder to read, and more prone to verifying multiple unrelated things in one function. The number of assertions should match the number of behaviors under test, not the size of the Arrange block.

4. Two suites test the same function. Suite A has 100% line coverage but every assertion is assert result is not None. Suite B has 80% line coverage but every assertion checks an exact expected value. Which statement is correct?

• Suite A is stronger — 100% coverage objectively beats 80%, regardless of assertion quality

  Coverage is a necessary condition, not a sufficient one. 100% coverage with assert result is not None exercises every line but verifies almost nothing — any non-None return value passes, including 0, "", [], the wrong number entirely. A higher number doesn’t beat a meaningful assertion.

• Suite B is stronger — coverage measures only which lines ran, not whether their behavior was verified. A weak oracle with full coverage catches no bugs

  Right. Coverage measures which lines ran; strong oracles determine whether the behavior at those lines was actually verified. Suite A ran everything and checked almost nothing. Suite B ran 80% and checked every result precisely.

• Both are equally strong — both execute the function, which is all that matters for catching bugs

  The two suites do not catch the same bugs. Suite A passes for any non-None return — a bug that flips a return value from 42 to 0 slips through silently. Suite B catches that same bug because the value differs from the asserted expected one. Same lines exercised, vastly different bug-catching power.

• Neither is strong — industry standard is ≥95% coverage AND mutation testing, so anything less is unacceptable

  Mutation testing is a great deeper technique, but the question isn’t asking which industry metric is best — it’s asking which of these two suites is stronger. Suite B answers that even before mutation testing enters the picture, because it exposes the foundational issue: weak oracles on full coverage verify nothing.

5. A function build_user_profile(name, age) has this spec:

Returns a dict with name (input), age (input), and is_adult (True if and only if age ≥ 18).

• assert build_user_profile("alice", 30) is not None — survives any future change

  is not None is the weak-oracle Liar — any dict, including a wrong one, passes. The ‘survives any future change’ framing is exactly the trap: a test that survives every change because it asserts almost nothing isn’t robust, it’s empty.

• assert build_user_profile("alice", 30) == {"name": "alice", "age": 30, "is_adult": True, "cached_at": 1730000000} — pins everything

  This is the over-specification trap. cached_at is not in the spec — it’s an internal caching detail. Pinning it means the test fails every time the cache fires (i.e., every second), even though every spec-mandated field is correct.

• assert result["name"] == "alice", assert result["age"] == 30, assert result["is_adult"] is True — one assert per spec-mandated field

  Right. Three asserts, one per spec-mandated field. cached_at is unspecified, so we don’t pin it. The test stays green when the cache implementation evolves and red when any spec-mandated field regresses.

• assert isinstance(build_user_profile("alice", 30), dict) — the type guarantee is enough

  Type checks are medium oracles — they catch wrong types, never wrong values. build_user_profile("alice", 30) could return {"name": "bob", "age": 0, "is_adult": False} and isinstance(..., dict) is happy. The right oracle pins each spec-mandated field.

6. (Spaced review — Step 3) Which assertion is the strongest oracle for compute_total([1.50, 2.00])?

• assert compute_total([1.50, 2.00]) is not None

  is not None is the canonical weak oracle. Any non-None return passes — 0.0, "banana", []. It tells you the function returned something, not whether it returned the right thing.

• assert isinstance(compute_total([1.50, 2.00]), float)

  Type checks catch type errors only. The function could return 42.0 (wrong sum) and isinstance is happy. Step 3 named this the medium-strength oracle — better than is not None, still wrong-value-blind.

• assert compute_total([1.50, 2.00]) > 0

  > 0 is a property check, not a value check. The function could return 0.01, 42.0, 1000000.0 — all positive, all wrong. Property assertions are useful when you genuinely don’t know the exact expected value, but for a deterministic function whose answer you can compute, pin the value.

• assert compute_total([1.50, 2.00]) == 3.50

  Exactly. == 3.50 is the only strong oracle here — any wrong return value (0.0, 1.5, 42.0) would fail it. The other options accept large families of wrong answers.

7. (Spaced review — Step 2) For a function charge_fee(amount) with rule “fee is 2% if amount is 100 or more, else free”, which test pair exposes the most bugs?

• amount = 50 and amount = 200 — one value on each side, well away from the boundary

  $50 and $200 are both deep inside their partitions — both will pass under either > 100 or >= 100, since 50 is clearly free and 200 clearly charges the fee. Boundary bugs only manifest at the boundary; values away from it never expose them.

• amount = 99 and amount = 100 — one just below and one at the boundary, catching > vs >= off-by-one errors

  Right. 99 and 100 straddle the >= 100 threshold. The canonical boundary bug here is > 100 vs >= 100 — it produces the wrong answer at exactly amount = 100 and nowhere else.

• amount = 0 and amount = 1000000 — extreme values at the edges of the representable range

  Extreme-value tests catch overflow / representation bugs (rare in this kind of spec) but completely miss the off-by-one risk at $100. The most common bug here — confusing >= 100 with > 100 — produces correct behavior at $0 and $1,000,000. You’d ship the bug.

• amount = 1 and amount = 2 — two adjacent low values to check precision at the small end

  $1 and $2 are both in the same partition (free), so they verify the same path twice and never approach the boundary. This is the same anti-pattern as the Step 2 quiz: many tests crowded in one partition is roughly one test repeated.

8. (Spaced review — Step 2) A test reads assert is_age_valid(18) == True. A colleague says to use is True instead. What is the reason?

# Option A (current):
assert is_age_valid(18) == True

# Option B:
assert is_age_valid(18) is True

• No difference — == True and is True behave identically for Boolean-returning functions

  They behave the same if the function returns exactly True or False. But if someone refactors is_age_valid to return 1 (truthy but not Boolean), == True still passes (1 == True is True in Python) while is True fails. For a function whose contract is ‘returns Boolean’, that’s the gap you want covered.

• is True catches the case where the function returns a truthy non-Boolean (like 1 or "yes") — == True accepts 1 == True, but 1 is True fails

  Correct. is True uses identity — only the exact True singleton passes. == True uses equality — 1 == True evaluates to True in Python, so truthy non-Booleans slip through. For specs that say ‘returns Boolean’, is True is the precise form.

• is True is faster at runtime, which matters in large test suites

  Runtime performance is not the reason. The reason is oracle precision: is checks identity (is this the exact True object?), while == checks equality (is this value equal to True?). For booleans these differ on truthy non-Boolean values.

• == True is a syntax error in pytest; is True is the required form

  == True is valid pytest syntax. The distinction is about precision, not syntax. Both forms compile and run; only their bug-catching power differs.

1. (Spaced review — all steps) A function ships free for orders ≥ $50 and charges $5 otherwise. Which test pair is the single most important?

• order = $25 and order = $200 — one in the middle of each partition

  $25 and $200 are deep inside their partitions. They both behave correctly under either >= 50 or > 50, since 25 clearly charges and 200 clearly ships free. Boundary bugs only surface at the boundary itself.

• order = $49.99 and order = $50 — one just below the boundary, one exactly at it

  Right. $49.99 and $50 straddle the >= $50 threshold — the same test-pair structure as the streak bug at day 100. Two values straddling a threshold expose the > vs >= family of bugs.

• order = $0 and order = $1,000,000 — the extreme edges

  $0 and $1,000,000 catch a different category of bugs (representation issues, overflow). They miss the dominant off-by-one risk at $50, which is where 99% of bugs in this kind of spec live. Boundary tests come first; extreme-value tests come second.

• order = $50 only — one boundary test is enough

  One boundary test isn’t enough; two values straddling the boundary are what expose > versus >=. With only order = $50, the test cannot tell whether the function is using the right operator because it observes only one side of the threshold.

2. A teammate adds assert result is not None for calculate_total() and says, “Great — the function works.” What’s the right response?

• Agree — passing tests prove the function works.

  Tests passing only tells you what their assertions held. assert result is not None holds for any non-None value, including buggy ones. The teammate is reading the PASS result and skipping the question of what was actually verified.

• That’s a weak oracle. It passes for any non-None value (including 0.0 or "banana"). Replace with assert result == <expected_value>.

  Exactly. The fix is to pin the exact expected value with ==. is not None only tells you the function returned something — the strong oracle tells you it returned the right thing.

• Disagree because we don’t have 100% line coverage yet.

  Coverage isn’t the issue here — the issue is oracle strength. The function might be running with full coverage and returning the wrong value entirely; this assertion couldn’t tell you. Push back on the assertion, not on coverage.

• Disagree — the test is fine but the function name should change.

  The function name might also need work, but that’s a separate critique. The immediate problem is that the test doesn’t verify the function’s behavior in any meaningful way — even a perfect function name wouldn’t fix a is not None oracle.

3. You need to write your first test for a new function parse_username(s). The spec: accept usernames of length 3–20, reject everything else. What is your first step when designing the test suite?

• Open parse_username’s source code and write assertions that confirm each code path runs

  Starting from the implementation makes your tests confirm what the code does, not what it should do — the same post-hoc trap from Step 1. Start from the spec: identify the partitions, then find the boundaries.

• Write assert parse_username('alice') is not None — if the function runs without crashing, it works

  is not None is the canonical weak oracle: it passes for any non-None return, including wrong values. You’ve replaced it with strong == assertions precisely to avoid this.

• Identify the partitions and boundaries: the valid range [3, 20] has two boundary pairs; pick inputs at each boundary and one representative per partition

  Exactly. Partition s by length: too-short (< 3), valid (3–20), too-long (> 20). The boundaries sit at lengths 2, 3, 20, 21. Pick one representative per partition plus those four boundary values — that’s the Step 2 method applied cold.

• Start with a single test using a random username and see if it passes

  A single random test is equivalent to one middle-of-partition sample — it misses all boundaries. The skill from Step 2 is to choose inputs deliberately, not arbitrarily.

4. (Spaced review — Step 4) You rename a private attribute _cache to _store in a class without changing any public method behavior. Three tests break immediately. What does this tell you?

• The rename introduced a bug — renaming always risks changing behavior

  The question specifies ‘without changing any public method behavior’ — behavior is unchanged by definition. Failures after a pure rename signal the tests themselves are the problem, not the rename.

• The three broken tests were accessing _cache directly — they were testing internal implementation, not observable behavior

  Correct. Tests that read or write private members (_cache, _tracks, _data) break the moment those internals are renamed or restructured — even when no behavior changes. This is the Refactoring Litmus Test: if a pure internal refactor breaks tests, those tests are brittle.

• You should revert the rename to restore the passing tests

  Reverting a sound refactor because tests are brittle inverts the correct response. The refactor is valid; the tests are the problem. Rewrite the broken tests to verify behavior through the public API.

• Private attributes must never be renamed after the first release

  There’s no such rule — private attributes can and should be renamed freely as designs evolve. The issue is not the rename but the tests that depend on the old name instead of the public contract.