[Coverage Report] Test Coverage Report — 2026-05-29 #4009
Closed
Replies: 2 comments
-
|
🔮 The ancient spirits stir; the smoke test agent walked this thread and the omens were recorded. Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "registry.npmjs.org"See Network Configuration for more information.
|
Beta Was this translation helpful? Give feedback.
0 replies
-
|
This discussion was automatically closed because it expired on 2026-06-05T12:34:12.571Z.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Overall Coverage
Overall coverage is excellent. No files fall below 50% statement coverage.
🔴 Critical Gaps (< 50% statement coverage)
None — all 138 source files exceed 50% statement coverage.
🟡 Low Coverage (50–79% statement coverage)
src/commands/validators/network-options.tssrc/logs/audit-enricher.tssrc/cli.tssrc/logs/log-parser.tssrc/squid/policy-manifest.tssrc/services/agent-volumes/docker-host-staging.tssrc/commands/logs-command-helpers.tssrc/services/doh-proxy-service.ts🛡️ Security-Critical Path Status
src/host-iptables.tssrc/squid-config.tssrc/docker-manager.tssrc/domain-patterns.tssrc/cli.tssrc/host-iptables-rules.tsAll four primary security-critical files (
host-iptables.ts,squid-config.ts,docker-manager.ts,domain-patterns.ts) are at or near full coverage. The only notable gap iscli.tsbranch coverage at 50%, which includes theif (require.main === module)guard — not exercisable by unit tests.📋 Recently Modified Files (past 7 days)
All recently changed files have been covered by corresponding test updates:
src/cli.ts,src/cli-options.ts,src/cli-workflow.ts,src/api-proxy-config.ts,src/commands/logs*.ts,src/commands/build-config.ts,src/commands/logs-audit.ts🔍 Notable Findings
src/commands/validators/network-options.ts— branch coverage 50%: ThevalidateNetworkOptionsfunction has several warning-path branches (external Docker host detection, missing path prefix warnings) that aren't exercised. These cover security-relevant configuration validation paths.src/cli.ts— branch coverage 50%: The uncovered branch is theif (require.main === module)entry-point guard, which is structurally untestable in unit tests. Not a real gap, but inflates the apparent miss rate.src/logs/log-parser.ts— branch coverage 67%: Log parsing has several conditional paths for malformed/unexpected Squid log line formats. Uncovered paths mean edge-case log entries (e.g., unusual status codes, truncated lines) might silently produce incorrect aggregation results inawf logs stats/awf logs summary.src/squid/policy-manifest.ts— function coverage 70%: Three functions in this file lack test coverage. Given this is part of the Squid policy generation path, missing function coverage here could mask regressions in policy construction.📈 Recommendations
High: Add tests for
src/commands/validators/network-options.tswarning branches — particularly the external Docker host and missing path prefix paths. These validate critical network isolation configuration and are currently at 50% branch coverage.High: Add edge-case tests for
src/logs/log-parser.ts— malformed Squid log lines, unknown status codes, truncated entries. Incorrect parsing silently corrupts coverage reports and audit trails.Medium: Cover the missing functions in
src/squid/policy-manifest.ts(currently 70% function coverage). This is in the Squid ACL generation path and regressions here could allow unintended domain access.Low:
src/services/agent-volumes/docker-host-staging.tsbranch coverage is 72%. Add tests for the DinD split-filesystem edge cases (path prefix translation with kernel VFS exclusions).Generated by test-coverage-reporter workflow. Trigger:
push· Run: 26637290251Beta Was this translation helpful? Give feedback.
All reactions