[Coverage Report] Test Coverage Report — 2026-06-02 #4234
Closed
Replies: 1 comment
-
|
This discussion was automatically closed because it expired on 2026-06-09T23:27:35.737Z.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
📊 Overall Coverage
Overall coverage is strong. 96 test files cover 147 source files across 27,554 lines of tests.
🔴 Critical Gaps (< 50% statement coverage)
None. All files exceed 50% statement coverage.
🟡 Low Coverage (50–79% statement coverage)
src/commands/validators/network-options.ts🛡️ Security-Critical Path Status
src/host-iptables.tssrc/squid-config.tssrc/docker-manager.tssrc/domain-patterns.tssrc/cli.tssrc/host-iptables-rules.tsAll primary security-critical files (host-iptables, squid-config, docker-manager) have 100% coverage. The only concern is
src/cli.tsbranch coverage at 50%.📋 Files Needing Attention (80–89% range)
src/logs/audit-enricher.tssrc/artifact-preservation.tssrc/cli.tssrc/logs/log-parser.tssrc/services/agent-volumes/docker-host-staging.tssrc/commands/validators/log-and-limits.tssrc/logs/log-streamer.ts🔍 Notable Findings
1.
src/cli.ts— 50% branch coverage (security orchestration entrypoint)The main CLI entry has full statement coverage but only 50% branch coverage. This means error/edge branches in the orchestration flow (e.g., signal handling paths, config failure modes) aren't exercised. Given this is the top-level coordinator, uncovered branches could hide silent failures in cleanup or shutdown sequences.
2.
src/commands/validators/network-options.ts— 66.7% statements, 50% branchesOnly 3 conditional branches are tested in this validator. The uncovered branches handle the
dockerHostPathPrefixResolution.dindHintwarning path (line 64) and thedockerHostPathPrefixmissing warning path (line 59). These relate to DinD (Docker-in-Docker) detection — a security-relevant configuration check.3.
src/logs/log-parser.ts— 86.9% statements, 67.1% branchesLog parsing has one-third of its branches untested. Uncovered paths likely include malformed-line handling and edge-case timestamp parsing. While not a direct security control, log integrity is important for audit trails.
4.
src/cli-options.ts— 25% function coverageOnly 2 of ~8 exported functions are called in tests. The untested functions appear to be CLI option definitions/helpers. This is likely acceptable (they're declarative Commander.js option configs), but worth verifying none contain validation logic.
5. Recent commit activity (last 7 days)
One commit landed:
feat: optimize export-audit workflow (~94% weekly cost reduction)— touchingsrc/artifact-preservation.ts,src/cli-workflow.ts,src/cli.ts,src/commands/logs-*.tsand related files. Coverage onsrc/artifact-preservation.tsis 85.4% (statements) / 95.3% (branches), indicating the new paths added are mostly covered.📈 Recommendations
High —
src/cli.tsbranch coverage: Add tests for the signal-handling shutdown paths and config-failure cleanup branches. Target: bring branch coverage from 50% → 80%+. These control whether containers are properly torn down on error.Medium —
src/commands/validators/network-options.ts: Add 2–3 unit tests covering (a) external Docker host with missing path prefix (dindHintbranch) and (b) external Docker host withoutdindHint. These are DinD security-configuration validators.Medium —
src/logs/log-parser.ts: Add tests for malformed log line inputs and boundary timestamp values to close the 33% branch gap. This strengthens audit log integrity.Low —
src/cli-options.tsfunction coverage: Audit the 6 uncovered functions — if they contain validation logic rather than pure option declarations, add targeted tests.Generated by test-coverage-reporter workflow. Trigger:
push· Run ID: 26853958273Beta Was this translation helpful? Give feedback.
All reactions