Home Claude Code Mastery Day 3
Day 3 of 5
⏱ ~70 minutes
Claude Code Mastery — Day 3

Testing, Debugging, and Code Review

The test-write-fix loop is where most developers lose hours. Claude Code closes that loop. Today: write tests for untested code, debug errors by pasting them directly into the terminal, and use Claude Code as your first-pass security reviewer.

Writing Tests

The simplest test generation command you'll ever use:

Terminal — Write Tests 
claude "write tests for src/utils/pricing.ts"

Claude Code will:

  1. Read the file
  2. Identify all exported functions and their signatures
  3. Write tests covering happy paths, edge cases, and error conditions
  4. Match your test framework (Vitest, Jest, etc.) based on your config
  5. Run the tests to verify they pass

Be more specific when you have specific requirements:

Terminal — Specific Test Instructions 
# Target coverage
claude "write tests for src/utils/pricing.ts.
Focus especially on: negative quantities, zero price,
discount codes that have expired, and concurrent
requests hitting rate limits"

# Integration tests
claude "write integration tests for the POST /api/orders
endpoint. Mock the payment processor but use a real
in-memory database. Test success, insufficient funds,
and invalid cart states"

# Test an untested module
claude "src/auth/rbac.ts has zero test coverage.
Write comprehensive tests. The permission system has
3 levels: admin, editor, viewer. Test all boundary
conditions."
💡
Tests as documentation. When Claude Code writes tests, it reveals what assumptions exist in your code. Often the most valuable output isn't the tests themselves — it's when Claude Code says "I can't write a test for this function without mocking X, Y, and Z, which suggests it has too many dependencies." That's real architectural feedback.

Debugging: Paste the Error, Get the Fix

The fastest debugging workflow with Claude Code: copy the full error output, paste it in, let Claude Code find and fix it.

Terminal — Debug From Error 
claude "I'm getting this error:

TypeError: Cannot read properties of undefined
  (reading 'userId')
    at validateRequest (src/middleware/auth.ts:23:15)
    at Layer.handle [as handle_request]
    at next (/node_modules/express/lib/router/layer.js:95:5)
    at Route.dispatch

The error happens when hitting POST /api/orders.
Fix it."

Claude Code will read src/middleware/auth.ts at line 23, understand the call stack, trace the issue back to its source, and propose a fix. It'll also check if the same bug exists elsewhere.

Debugging build failures

Terminal — Debug Build/TypeScript Errors 
# TypeScript type errors
claude "npx tsc --noEmit is throwing 12 errors.
Fix all of them: [paste tsc output]"

# Failed build
claude "npm run build is failing:
[paste build output]
Fix the build without changing any functionality"

# Test failures after refactor
claude "after the refactor, 6 tests are failing:
[paste test output]
Fix the tests. Do not change the implementation
unless the implementation is actually wrong."
⚠️
"Fix the tests, not the implementation" matters. If you just say "fix the failing tests," Claude Code might change your implementation to match outdated tests, or update tests to match broken implementation. Be explicit about which one is the source of truth.

Code Review for Security Issues

Before merging a PR, run a Claude Code security review. This doesn't replace a human security audit, but it catches the obvious things that shouldn't get through.

Terminal — Security Review 
# Review a specific file
claude "review src/api/users.ts for security
vulnerabilities. Look for: SQL injection, unvalidated
input, missing auth checks, exposed sensitive data
in responses, and rate limiting issues"

# Review a git diff (new code from a PR)
git diff main..feature-branch | claude "review this
diff for security issues. Focus on authentication
bypass, injection vulnerabilities, and any data
that should be sanitized before use"

# Review API endpoints
claude "review all POST endpoints in src/routes/
for missing input validation. List any endpoint
that accepts user input without validating it"

Full code review (not just security)

Terminal — Full Code Review 
claude "review src/api/checkout.ts as if you're a
senior engineer doing a thorough PR review.

Look for:
1. Security vulnerabilities
2. Race conditions or concurrency issues
3. Error cases that aren't handled
4. Performance problems (N+1 queries, etc.)
5. Places where the code doesn't match what the
   comments say it does
6. Anything that would fail under high load

Be specific. Quote the problematic lines."
ℹ️
Claude Code can fix what it finds. After the review, say "fix the issues you found." It will make the changes and run your tests to verify. The review + fix cycle is one of the highest-ROI uses of Claude Code in a team setting.
💻 Day 3 Exercise
Find and Fix All Issues in a Buggy Script

Take a real script or module from your project that you know has issues — or pick one that's untested. You're going to let Claude Code find and fix everything.

  1. Pick a file with at least one known issue (or a file with zero test coverage).
  2. Ask Claude Code to write tests for it: claude "write tests for [filename]". Note which functions it can't easily test — those are architectural insights.
  3. If any tests fail, ask: "these tests are failing — fix the implementation". Review every change before accepting.
  4. Run a security + quality review on the same file.
  5. Ask Claude Code to fix the top 3 issues it found.
  6. Verify the tests still pass after the fixes.

Day 3 Summary

  • Claude Code writes tests that match your framework, covers edge cases, and runs them to verify. Be specific about what scenarios matter.
  • Paste error output directly into the terminal — Claude Code reads the stack trace, finds the source, and fixes it.
  • Always specify whether tests or implementation is the source of truth when both are failing.
  • Use Claude Code for first-pass security and quality reviews. It catches the obvious things so your humans can focus on the subtle ones.
Challenge

Find a module in your codebase with zero or near-zero test coverage. Give it to Claude Code: write tests, run them, fix any issues found, and end with the module fully covered. Time how long this takes vs. how long it would have taken you manually. That time delta is what Claude Code is worth to your workflow.

← Previous
Day 2: Multi-File Projects
Next →
Day 4: Building Full Features