[Coverage Report] Test Coverage Report — 2026-06-07 #4471
Closed
Replies: 1 comment
-
|
This discussion was automatically closed because it expired on 2026-06-14T06:01:42.470Z.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
📊 Test Coverage Report — 2026-06-07
Overall Coverage
🔴 Critical Gaps (< 50% statement coverage)
None. All files are at 50% or above.
🟡 Low Coverage (50–79% statement coverage)
src/commands/validators/network-options.ts🛡️ Security-Critical Path Status
src/host-iptables.tssrc/squid-config.tssrc/docker-manager.tssrc/domain-patterns.tssrc/cli.tsAll four top-priority security-critical files (
host-iptables,squid-config,docker-manager,domain-patterns) are at ≥ 95% across all metrics. Thecli.tsbranch gap is therequire.main === moduleentry-point guard — a structural pattern rather than a security-relevant branch.📋 Files with Branch Coverage < 70%
These files have adequate statement coverage but contain branches not exercised by tests:
src/commands/validators/network-options.tssrc/services/api-proxy-service.tssrc/cli.tsrequire.mainguard (structural)src/dind-bootstrap.tssrc/services/agent-environment/environment-builder.tssrc/services/agent-volumes/etc-mounts.ts/etcmount conditional pathssrc/logs/log-parser.ts🔍 Notable Findings
1.
network-options.ts— Docker-host warning branches untestedvalidateNetworkOptionshas three warning paths when!dockerHostCheck.validand whendindHintis set without a path prefix. Only the happy-path (valid Docker host) is covered. These branches gate user-visible warnings about split-filesystem DinD setups.Fix: Add unit tests with mocked
checkDockerHost()returning{ valid: false }and withDOCKER_HOSTset to a non-standard unix socket.2.
api-proxy-service.ts— Null proxy IP path untestedThis 43-line file has a single
if (!networkConfig.proxyIp)guard that throws. The throw path (mis-configured network) is never exercised, leaving an error path invisible to tests.Fix: Add a test asserting the service throws when
proxyIpis absent.3.
log-parser.ts— IPv6 address parsing edge casesThe parser has nested conditions for IPv6 literal addresses in destination fields (lines ~178–198). Coverage shows ~33% of these branches are unexercised — likely the
[::1]-style IPv6 bracket parsing and malformed destination edge cases.Fix: Add unit tests with IPv6-format Squid log lines and deliberately malformed entries.
4. New code added in the past 7 days
A large batch of functions was added recently:
validateApiProxyConfig,validateAnthropicCacheTailTtl,emitApiProxyTargetWarnings(api-proxy-config)preserveIptablesAudit,preserveCleanupArtifacts,removeWorkDirectories(artifact-preservation)runMainWorkflow,buildConfig,auditCommand(cli-workflow, build-config, logs-audit)All are covered by the existing test suite (85–100% per file). No regression detected.
📈 Recommendations
High — Add DinD/external-Docker-host test cases to
src/commands/validators/network-options.test.tscovering the!dockerHostCheck.validanddindHintbranches. These gate security-relevant warnings about split-filesystem setups.Medium — Add edge-case tests to
src/logs/log-parser.tsfor IPv6 bracket-notation log lines ([::1]:443) and malformed destination fields. The log parser is in the audit trail path.Low — Add a single test to
src/services/api-proxy-service.tsasserting that a missingproxyIpthrows. Small but closes the only remaining uncovered branch in that file.Generated by test-coverage-reporter workflow. Trigger:
scheduleBeta Was this translation helpful? Give feedback.
All reactions