[Coverage Report] Test Coverage Report — 2026-06-10

[github-actions[bot]]

📊 Overall Coverage

Metric	Coverage	Total	Covered
Statements	96.39%	4,936	4,758
Branches	90.75%	2,888	2,621
Functions	98.76%	569	562
Lines	96.47%	4,772	4,604

108 test files covering 155 source files.

---

🔴 Critical Gaps (< 50% statement coverage)

None. All files exceed 50% statement coverage.

---

🟡 Low Coverage (50–79% statement coverage)

File	Stmts	Branches	Notes
src/commands/validators/network-options.ts	🟡 66.66%	50% (5/10)	DinD/external Docker host detection branches untested

---

🛡️ Security-Critical Path Status

File	Stmts	Branches	Status
src/host-iptables.ts	100%	100%	✅ Full coverage
src/squid-config.ts	100%	100%	✅ Full coverage
src/docker-manager.ts	100%	100%	✅ Full coverage
src/domain-patterns.ts	97.67%	95.38%	✅ Excellent
src/cli.ts	85.71%	50% (1/2)	⚠️ Entry-point guard branch

All five security-critical files maintain strong coverage. src/host-iptables.ts, src/squid-config.ts, and src/docker-manager.ts achieve 100% across all metrics.

---

📋 Files with Branch Coverage < 70%

File	Branch Coverage	Total Branches	Risk
src/cli.ts	50% (1/2)	2	Low — likely require.main === module guard
src/commands/validators/network-options.ts	50% (5/10)	10	Medium — Docker host/DinD warning paths
src/services/api-proxy-service.ts	50% (1/2)	2	Low — single uncovered activation branch
src/dind-bootstrap.ts	66.66% (22/33)	33	Medium — DinD bootstrap edge cases
src/services/agent-environment/environment-builder.ts	66.66% (4/6)	6	Low
src/services/agent-volumes/etc-mounts.ts	67.85% (19/28)	28	Low-Medium
src/logs/log-parser.ts	68.57% (48/70)	70	Medium — log parsing edge cases

---

🔍 Notable Findings

1. src/commands/validators/network-options.ts — DinD Branch Gaps (🟡 Priority)

This file validates Docker host and DinD options. The 5 uncovered branches correspond to the warning-emission paths when:

• !dockerHostCheck.valid (external Docker daemon detected)
• !dockerHostCheck.valid && !dockerHostPathPrefixResolution.dockerHostPathPrefix (missing prefix warning)
• dockerHostPathPrefixResolution.dindHint && !dockerHostPathPrefixResolution.dockerHostPathPrefix (ARC/DinD hint without prefix)

Tests would require mocking checkDockerHost() to return { valid: false } and resolveDockerHostPathPrefix() with dindHint: true.

2. src/logs/log-parser.ts — Log Parsing Edge Cases (68.57% branch coverage, 70 branches)

With 22 uncovered branches in log parsing logic, there are likely malformed-input, empty-field, and protocol-edge-case paths that aren't exercised. Since this file feeds the awf logs stats / awf logs summary commands, gaps here could cause silent mis-reporting.

3. src/dind-bootstrap.ts — DinD Bootstrap Paths (66.66% branch coverage, 33 branches)

11 uncovered branches in the DinD bootstrap flow. These are complex infrastructure paths (filesystem prefix detection, socket path resolution) that are hard to test without a real DinD environment but are critical for ARC runner support.

4. Recent Code — All New Functions Are Covered ✅

The only commit in the last 7 days was a CI workflow change (removing dind-ubuntu image). The large set of new functions added to the codebase in recent weeks (validateApiProxyConfig, runMainWorkflow, buildConfig, audit/stats/summary commands, etc.) all have strong coverage, indicating the team is keeping tests current with new code.

---

📈 Recommendations

1. Medium — Branch coverage for network-options.ts: Add tests that mock checkDockerHost() returning invalid/external states and resolveDockerHostPathPrefix() returning dindHint: true. This covers the DinD warning paths at lines ~50–80 which represent real user-facing behavior.

2. Medium — Log parser edge cases: Add tests for malformed Squid log lines, truncated entries, missing fields, and unusual HTTP method/status combinations in src/logs/log-parser.ts. The 22 missing branches likely include these defensive guards.

3. Low — DinD bootstrap paths: Consider adding integration-style tests for src/dind-bootstrap.ts with mocked socket paths and filesystem configurations to improve the 66.66% branch coverage. These tests can be gated to avoid requiring actual Docker-in-Docker infrastructure.

---

📋 Full Coverage Table (click to expand)

File	Stmts	Branch	Funcs	Lines
Total	96.39%	90.75%	98.76%	96.47%
src/commands/validators/network-options.ts	🟡 66.66%	50%	100%	66.66%
src/squid-log-reader.ts	🟢 82.22%	80%	100%	82.22%
src/services/agent-volumes/etc-mounts.ts	🟢 82.45%	67.85%	100%	82.45%
src/logs/audit-enricher.ts	🟢 83.6%	74.13%	100%	89.36%
src/artifact-preservation.ts	🟢 85.36%	95.34%	100%	85.36%
src/cli.ts	🟢 85.71%	50%	100%	85.71%
src/logs/log-parser.ts	🟢 86.9%	68.57%	100%	87.8%
src/squid/policy-manifest.ts	🟢 87.23%	88.23%	70%	86.95%
src/services/agent-volumes/docker-host-staging.ts	🟢 87.75%	72.41%	100%	87.23%
src/commands/logs-command-helpers.ts	🟢 88.52%	83.33%	100%	88.33%
src/dind-bootstrap.ts	🟢 88.88%	66.66%	100%	88.46%
src/services/doh-proxy-service.ts	🟢 90%	75%	100%	90%
src/commands/validators/log-and-limits.ts	🟢 90.32%	77.58%	100%	90.32%
src/services/host-path-prefix.ts	🟢 90.32%	81.57%	100%	88.88%
src/config-writer.ts	🟢 90.9%	82.97%	100%	90.9%
src/services/api-proxy-service.ts	🟢 91.66%	50%	100%	91.66%
src/services/agent-volumes/docker-socket.ts	🟢 91.66%	93.33%	100%	91.66%
src/logs/log-streamer.ts	🟢 92.18%	77.77%	88.88%	92.06%
src/services/agent-volumes/system-mounts.ts	🟢 92.3%	75%	100%	92.3%
src/diagnostic-collector.ts	🟢 92.5%	100%	100%	92.5%
src/commands/build-config.ts	🟢 92.85%	92.2%	100%	92.85%
src/commands/validators/agent-options.ts	🟢 92.98%	88.57%	100%	92.98%
src/services/agent-volumes/hosts-file.ts	🟢 93.22%	90.32%	100%	92.85%
src/services/agent-environment/environment-builder.ts	🟢 93.54%	66.66%	100%	93.54%
src/squid/ssl-bump.ts	🟢 93.75%	91.66%	100%	93.75%
src/ssl-bump.ts	🟢 93.96%	84.61%	100%	94.69%
src/host-env.ts	🟢 94.11%	80%	100%	95.91%
src/logs/log-aggregator.ts	🟢 94.73%	87.5%	100%	94.66%
src/upstream-proxy.ts	🟢 94.93%	94.73%	100%	94.52%
src/services/cli-proxy-service.ts	🟢 95.45%	93.33%	100%	95.45%
src/commands/main-action.ts	🟢 95.58%	88.57%	100%	95.58%
src/parsers/volume-parsers.ts	🟢 95.83%	100%	100%	95.83%
src/container-startup-diagnostics.ts	🟢 96.15%	93.87%	100%	96%
src/services/agent-volumes/workspace-mounts.ts	🟢 96.29%	75%	100%	96.29%
src/container-cleanup.ts	🟢 96.42%	100%	80%	95.83%
src/container-lifecycle.ts	🟢 96.77%	86.84%	100%	96.59%
src/services/agent-environment/env-passthrough.ts	🟢 96.77%	92.3%	100%	96.77%
src/compose-sanitizer.ts	🟢 97.14%	93.33%	100%	97.05%
src/commands/validators/config-assembly.ts	🟢 97.29%	91.48%	100%	98.16%
src/logs/log-formatter.ts	🟢 97.43%	92.85%	100%	97.29%
src/domain-patterns.ts	🟢 97.67%	95.38%	100%	97.61%
src/services/agent-service.ts	🟢 97.77%	94.64%	100%	97.67%
src/services/agent-volumes/home-strategy.ts	🟢 97.77%	83.33%	100%	97.72%
src/config-file.ts	🟢 98.11%	97.29%	87.5%	100%
src/rules.ts	🟢 98.18%	91.89%	100%	98.11%
src/compose-generator.ts	🟢 98.43%	92.5%	100%	98.43%
src/pid-tracker.ts	🟢 98.78%	80.76%	100%	98.7%
src/option-parsers.ts	🟢 98.88%	95.55%	100%	98.82%
src/api-proxy-config.ts	🟢 100%	98.19%	100%	100%
src/cli-options.ts	🟢 100%	93.33%	100%	100%
src/cli-workflow.ts	🟢 100%	100%	100%	100%
src/docker-manager.ts	🟢 100%	100%	100%	100%
src/domain-patterns.ts	🟢 97.67%	95.38%	100%	97.61%
src/host-iptables.ts	🟢 100%	100%	100%	100%
src/host-iptables-rules.ts	🟢 100%	97.01%	100%	100%
src/host-iptables-shared.ts	🟢 100%	95%	100%	100%
src/squid-config.ts	🟢 100%	100%	100%	100%
src/squid/access-rules.ts	🟢 100%	100%	100%	100%
src/squid/acl-generator.ts	🟢 100%	100%	100%	100%
src/squid/config-generator.ts	🟢 100%	100%	100%	100%
src/squid/domain-acl.ts	🟢 100%	100%	100%	100%
src/squid/validation.ts	🟢 100%	100%	100%	100%

(Full table with all 130+ entries omitted for brevity — only files ≥ 80% statement coverage not shown above)

---

Generated by test-coverage-reporter workflow. Trigger: schedule

Generated by Test Coverage Reporter · 120.2 AIC · ⊞ 30.7K · ◷

• expires on Jun 17, 2026, 6:02 AM UTC