[Coverage Report] Test Coverage Report — 2026-06-02 #4192
Closed
Replies: 1 comment
-
|
This discussion was automatically closed because it expired on 2026-06-09T05:00:56.056Z.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Overall Coverage
Overall coverage is healthy — no files are below 50%.
🔴 Critical Gaps (< 50% statement coverage)
None. All files are above 50% statement coverage. ✅
🟡 Low Coverage (50–79% statement coverage)
src/commands/validators/network-options.tsOnly one file falls in the 50–79% range.
🛡️ Security-Critical Path Status
src/host-iptables.tssrc/host-iptables-rules.tssrc/host-iptables-shared.tssrc/host-iptables-network.tssrc/squid-config.tssrc/domain-patterns.tssrc/docker-manager.tssrc/cli.tssrc/rules.tsAll primary security-critical paths are well-covered. The
cli.tsbranch coverage at 67.1% is the most notable gap in this group.📋 Full Coverage Table (files below 98%)
src/commands/validators/network-options.tssrc/services/agent-volumes/etc-mounts.tssrc/logs/audit-enricher.tssrc/cli.tssrc/logs/log-parser.tssrc/squid/policy-manifest.tssrc/services/agent-volumes/docker-host-staging.tssrc/commands/logs-command-helpers.tssrc/services/doh-proxy-service.tssrc/container-cleanup.tssrc/services/host-path-prefix.tssrc/config-writer.tssrc/commands/validators/log-and-limits.tssrc/commands/validators/agent-options.tssrc/cli-options.tssrc/services/agent-volumes/workspace-mounts.tssrc/pid-tracker.tssrc/domain-patterns.tsFiles at 98%+ coverage (click to expand)
All of the following are at 98% statement coverage or above:
src/api-proxy-config.ts,src/cli-workflow.ts,src/constants.ts,src/container-lifecycle-state.ts,src/copilot-api-resolver.ts,src/dind-probe.ts,src/dlp.ts,src/dns-resolver.ts,src/docker-host.ts,src/docker-manager.ts,src/domain-utils.ts,src/env-utils.ts,src/github-env.ts,src/host-identity.ts,src/host-iptables.ts,src/host-iptables-cleanup.ts,src/host-iptables-network.ts,src/host-iptables-shared.ts,src/image-tag.ts,src/log-paths.ts,src/logger.ts,src/redact-secrets.ts,src/schema-validator.ts,src/squid-config.ts,src/squid/ssl-bump.ts, and more.🔍 Notable Findings
src/commands/validators/network-options.ts— 66.7% stmt / 50.0% branch: This validator handles Docker host and DinD path prefix validation. The 50% branch coverage suggests the error-handling branches (invalid--docker-host, DinD hint without path prefix) are not being exercised in tests. These paths gate network isolation configuration and deserve higher coverage.src/cli.ts— 85.7% stmt / 67.1% branch: The main CLI entry point has 14% of statements uncovered. Likely gaps are error-recovery paths, signal handling (SIGINT/SIGTERM), and edge cases around--keep-containers. These are hard to unit-test but important for production robustness.src/cli-options.ts— 93.0% stmt / 60.0% branch / 25% fn: Critically, only 25% of functions are covered. The customformatHelpcommander override has multiple branches around terminal width and option grouping that appear untested.src/logs/audit-enricher.ts— 83.6% stmt / 74.1% branch: Log enrichment logic with uncovered error-handling branches. Lower priority than the above since it's not on the critical security path, but worth improving for log integrity.📈 Recommendations
High —
network-options.tsbranch coverage: Add tests for the--docker-hostvalidation failure path and the DinD hint-without-prefix warning. These control network isolation configuration; the 50% branch coverage is a risk.High —
cli.tsbranch coverage: Add integration-style tests covering SIGINT handling,--keep-containersbehavior, and container startup failure paths. These represent untested orchestration logic in the main entry point.Medium —
cli-options.tsfunction coverage: Cover the customformatHelpfunction by testing terminal-width edge cases (very narrow, very wide terminals) and option group header rendering.Low —
logs/audit-enricher.ts: Exercise the error branches in log enrichment (malformed log entries, missing fields). Low security impact but improves log integrity guarantees.Generated by test-coverage-reporter workflow. Trigger:
push· Run: 26799331630Beta Was this translation helpful? Give feedback.
All reactions