Theater Code Detection
When to Use This Skill
Trigger Conditions:
- Before merging AI-generated code into main branch
- When code review reveals suspiciously complete implementations
- After detecting inconsistencies between documentation and behavior
- As pre-deployment quality gate for critical systems
- When integrating third-party or unfamiliar code
- During security audits to identify fake security measures
Situations Requiring Theater Detection:
- Code that compiles but doesn't execute meaningful logic
- Functions with proper signatures but no-op implementations
- Tests that always pass regardless of code changes
- Security checks that can be bypassed trivially
- Error handling that catches but doesn't handle errors
- Mock implementations accidentally left in production code
Overview
Theater code is code that "performs" correctness without delivering actual functionality. It passes static analysis, looks structurally sound, and may even have tests—but fails to implement the intended behavior. This skill systematically identifies theater code through pattern recognition, execution analysis, and behavioral validation.
The detection process scans codebases for suspicious patterns (empty catch blocks, no-op functions, always-passing tests), analyzes implementations for meaningful logic, executes code to validate actual behavior, and reports findings with actionable recommendations for remediation.
Phase 1: Scan Codebase (Parallel)
Agents: code-analyzer (lead), reviewer (validation) Duration: 10-15 minutes
Scripts:
# Initialize phase
npx claude-flow hooks pre-task --description "Phase 1: Scan Codebase for Theater Patterns"
npx claude-flow swarm init --topology mesh --max-agents 2
# Spawn agents
npx claude-flow agent spawn --type code-analyzer --capabilities "pattern-matching,ast-analysis,static-analysis"
npx claude-flow agent spawn --type reviewer --capabilities "code-quality,suspicious-pattern-detection"
# Memory coordination - define scan parameters
npx claude-flow memory store --key "testing/theater-detection/phase-1/analyzer/scan-config" --value '{"patterns":["empty-catch","no-op-function","always-pass-test"],"severity":"high"}'
# Execute phase work
# 1. Scan for empty catch blocks
echo "Scanning for empty error handlers..."
grep -r "catch\s*(\w*)\s*{\s*}" --include="*.js" --include="*.ts" . > empty-catches.txt || true
# 2. Scan for no-op functions
grep -r "function\s+\w+.*{\s*return\s*[;}]" --include="*.js" --include="*.ts" . > noop-functions.txt || true
# 3. Scan for always-passing tests
grep -r "expect(true).toBe(true)" --include="*.test.js" --include="*.test.ts" . > always-pass-tests.txt || true
# 4. Scan for TODO/FIXME/HACK comments indicating incomplete work
grep -rn "TODO\|FIXME\|HACK" --include="*.js" --include="*.ts" . > incomplete-markers.txt || true
# 5. Scan for suspicious imports (unused, test doubles in production)
echo "Analyzing imports..."
cat > scan-imports.js << 'EOF'
const fs = require('fs');
const path = require('path');
function scanImports(dir) {
const suspicious = [];
function walkDir(currentPath) {
const files = fs.readdirSync(currentPath);
files.forEach(file => {
const filePath = path.join(currentPath, file);
const stat = fs.statSync(filePath);
if (stat.isDirectory() && !file.includes('node_modules')) {
walkDir(filePath);
} else if (file.endsWith('.js') || file.endsWith('.ts')) {
const content = fs.readFileSync(filePath, 'utf-8');
// Check for mock imports in production code
if (!filePath.includes('test') && content.includes("'mock'")) {
suspicious.push({
file: filePath,
reason: 'Mock import in production code',
line: content.split('\n').findIndex(l => l.includes("'mock'")) + 1
});
}
// Check for unused imports
const importMatch = content.match(/import\s+{([^}]+)}\s+from/g);
if (importMatch) {
importMatch.forEach(imp => {
const symbols = imp.match(/{([^}]+)}/)[1].split(',').map(s => s.trim());
symbols.forEach(symbol => {
const usageCount = (content.match(new RegExp(`\\b${symbol}\\b`, 'g')) || []).length;
if (usageCount === 1) { // Only appears in import
suspicious.push({
file: filePath,
reason: `Unused import: ${symbol}`,
line: content.split('\n').findIndex(l => l.includes(symbol)) + 1
});
}
});
});
}
}
});
}
walkDir(dir);
return suspicious;
}
const results = scanImports(process.cwd());
fs.writeFileSync('suspicious-imports.json', JSON.stringify(results, null, 2));
EOF
node scan-imports.js
# 6. Compile scan results
cat > scan-summary.json << 'EOF'
{
"empty_catches": 0,
"noop_functions": 0,
"always_pass_tests": 0,
"incomplete_markers": 0,
"suspicious_imports": 0,
"total_issues": 0,
"scanned_at": ""
}
EOF
# Update with actual counts
EMPTY_CATCHES=$(wc -l < empty-catches.txt)
NOOP_FUNCTIONS=$(wc -l < noop-functions.txt)
ALWAYS_PASS=$(wc -l < always-pass-tests.txt)
INCOMPLETE=$(wc -l < incomplete-markers.txt)
SUSPICIOUS_IMPORTS=$(jq 'length' suspicious-imports.json)
TOTAL=$((EMPTY_CATCHES + NOOP_FUNCTIONS + ALWAYS_PASS + INCOMPLETE + SUSPICIOUS_IMPORTS))
jq --arg ec "$EMPTY_CATCHES" \
--arg nf "$NOOP_FUNCTIONS" \
--arg ap "$ALWAYS_PASS" \
--arg im "$INCOMPLETE" \
--arg si "$SUSPICIOUS_IMPORTS" \
--arg total "$TOTAL" \
--arg ts "$(date -Iseconds)" \
'.empty_catches = ($ec | tonumber) |
.noop_functions = ($nf | tonumber) |
.always_pass_tests = ($ap | tonumber) |
.incomplete_markers = ($im | tonumber) |
.suspicious_imports = ($si | tonumber) |
.total_issues = ($total | tonumber) |
.scanned_at = $ts' \
scan-summary.json > scan-summary-updated.json
mv scan-summary-updated.json scan-summary.json
# Store results
npx claude-flow memory store --key "testing/theater-detection/phase-1/analyzer/scan-results" --value "$(cat scan-summary.json)"
# Complete phase
npx claude-flow hooks post-task --task-id "phase-1-scan"
Memory Pattern:
- Input:
testing/theater-detection/phase-0/user/codebase-path - Output:
testing/theater-detection/phase-1/analyzer/scan-results - Shared:
testing/theater-detection/shared/suspicious-files
Success Criteria:
- Complete codebase scanned for all pattern types
- All suspicious patterns extracted and counted
- Scan results compiled into structured format
- No false positives (validated by reviewer agent)
- Results stored in memory for next phase
Deliverables:
- Scan summary JSON with issue counts
- Pattern-specific result files (empty-catches.txt, etc.)
- Suspicious imports analysis
- File-level issue mapping
Phase 2: Analyze Implementation (Sequential)
Agents: code-analyzer (lead), reviewer (depth analysis) Duration: 15-20 minutes
Scripts:
# Initialize phase
npx claude-flow hooks pre-task --description "Phase 2: Analyze Implementation Depth"
npx claude-flow swarm scale --target-agents 2
# Retrieve scan results
SCAN_RESULTS=$(npx claude-flow memory retrieve --key "testing/theater-detection/phase-1/analyzer/scan-results")
# Memory coordination
npx claude-flow memory store --key "testing/theater-detection/phase-2/analyzer/analysis-depth" --value '{"ast_parsing":true,"control_flow":true,"data_flow":true}'
# Execute phase work
# 1. Deep analysis of flagged files
echo "Performing deep implementation analysis..."
# Create analysis script
cat > analyze-implementation.js << 'EOF'
const fs = require('fs');
const path = require('path');
function analyzeImplementation(filePath) {
const content = fs.readFileSync(filePath, 'utf-8');
const analysis = {
file: filePath,
theater_indicators: [],
confidence_score: 0
};
// Check for meaningful logic