[Coverage Report] Test Coverage Report — 2026-06-05 #4390
Closed
Replies: 1 comment
-
|
This discussion was automatically closed because it expired on 2026-06-12T16:50:47.878Z.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Overall Coverage
100 test files covering 151 production source files. All configured thresholds pass.
🔴 Critical Gaps (< 50% statement coverage)
None. No production file falls below 50% statement coverage.
🟡 Low Coverage (50–79% statement coverage)
commands/validators/network-options.tsOnly one file in this range. Validates network-option combinations; uncovered branches are likely conflicting/malformed option combos.
🛡️ Security-Critical Path Status
The iptables and Squid ACL stacks are comprehensively covered. Two items worth noting:
squid/policy-manifest.ts— 3 of 10 functions (70%) uncovered; generates the audit policy manifest attached to each run.cli.ts— 50% branch coverage; likely the early-exit OS/version-check path is untested.📋 Files with Branch Coverage < 80%
commands/validators/network-options.tscli.tsservices/api-proxy-service.tsservices/agent-environment/environment-builder.tslogs/log-parser.tsservices/agent-volumes/etc-mounts.tssquid/policy-manifest.tsservices/agent-volumes/docker-host-staging.tslogs/audit-enricher.tsservices/agent-volumes/workspace-mounts.tsservices/doh-proxy-service.tscommands/validators/log-and-limits.tslogs/log-streamer.ts🔍 Notable Findings
1.
services/api-proxy-service.ts— 50% branch coverage (new in commit953f8d8, 2026-06-05)PR #4357 added AI credits accounting and enforcement. The untested branch is the
throw new Error(...)guard whennetworkConfig.proxyIpis missing. One unit test would reach 100% branch coverage.2.
squid/policy-manifest.ts— 70% function coverage3 of 10 internal functions uncovered — likely helper lambdas for HTTP-only or HTTPS-only protocol-split domain lists. These are audit-path functions; gaps reduce confidence in the correctness of emitted policy manifests.
3.
logs/log-parser.ts— 67% branch coverage23 of 70 branches untested. Likely missing: malformed log lines, partial Squid entries, unexpected timestamp formats. Bugs here silently produce incorrect
awf logs stats/awf logs summaryoutput.4.
services/agent-volumes/etc-mounts.ts— 68% branch coverageControls which
/etcfiles are bind-mounted into the agent container. Uncovered branches may include DinD path-prefix edge cases — incorrect mounts could expose or hide credentials.📈 Recommendations
services/api-proxy-service.ts: 1 test (call with missingproxyIp) → 100% branches. Addresses new code from this week.squid/policy-manifest.ts: TestgeneratePolicyManifestwith HTTP-only and HTTPS-only domain lists to cover the 3 uncovered functions.logs/log-parser.ts: Add malformed-input tests (truncated entries, unknown action codes, missing host header).commands/validators/network-options.ts: Test conflicting option combinations (--dns-serverswith invalid IPs,--upstream-proxyconflicts).services/agent-volumes/etc-mounts.ts: Test DinD path-prefix branches for credential-isolation correctness.Generated by test-coverage-reporter workflow. Trigger:
push(commit953f8d8). Source:coverage/coverage-summary.json.Beta Was this translation helpful? Give feedback.
All reactions