# Testing Patterns

## Verification Tiers

| Tier | Scope | Pipeline |
|------|-------|----------|
| Tier 1 | New features, security-sensitive, multi-file refactors | coder → reviewer:correctness → reviewer:security → tester:standard → tester:adversarial |
| Tier 2 | Moderate changes, UI updates, bug fixes | coder → reviewer:correctness → tester:standard |
| Tier 3 | Single-file fixes, config tweaks, copy changes | coder → reviewer:correctness |

## Functional Verification Requirements

Static analysis is NOT verification. Every feature must be functionally verified:

- **API endpoints**: Real HTTP requests with response verification
- **Frontend**: Browser-based or test-suite verification
- **Full-stack**: End-to-end UI → API → DB → response cycle
- **Bug fixes**: Reproduce bug, verify it no longer occurs

## What Does NOT Count as Verification

- ❌ Type checks (`tsc`, `bun run check`)
- ❌ Linting (`eslint`, `ruff`)
- ❌ Build succeeding
- ❌ Reading code and concluding "this looks correct"