[Coverage Report] Test Coverage Report — 2026-06-09 #4640
Closed
Replies: 2 comments
-
|
🔮 The ancient spirits stir around discussion 4640. The smoke test agent was here, and the omens were read.
|
Beta Was this translation helpful? Give feedback.
0 replies
-
|
This discussion was automatically closed because it expired on 2026-06-16T22:32:41.338Z.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
📊 Test Coverage Report — 2026-06-09
Overall Coverage (source files, excl. test-utils)
🔴 Critical Gaps (< 50% statement coverage)
None. All source files exceed 50% statement coverage.
🟡 Low Coverage (50–79% statement coverage)
commands/validators/network-options.ts🛡️ Security-Critical Path Status
host-iptables.ts(re-exports)host-iptables-rules.tshost-iptables-shared.tshost-iptables-cleanup.tshost-iptables-network.tssquid-config.tssquid/access-rules.tssquid/acl-generator.tssquid/domain-acl.tsdomain-patterns.tsdocker-manager.tsAll security-critical paths are well-covered. The iptables and Squid subsystems have near-perfect branch coverage.
📋 Branch Coverage Gaps (< 70% — action warranted)
These files have adequate statement coverage but meaningful branch gaps:
cli.tscommands/validators/network-options.tsservices/api-proxy-service.tsdind-bootstrap.tsservices/agent-environment/environment-builder.tsservices/agent-volumes/etc-mounts.tslogs/log-parser.ts🔍 Notable Findings
commands/validators/network-options.ts(50% branches) — Validates Docker host configuration for DinD (ARC runners). Three uncovered branches involvedockerHostPathPrefixResolution.dindHintvalidation — a security-relevant code path that ensures the DinD proxy isn't misconfigured. Tests should cover the case where--docker-hostis provided without--docker-host-path-prefixand vice versa.cli.tsmain entrypoint (50% branches) — The entrypoint has one uncovered branch out of two. Given this is the top-level orchestration entry point (signal handling, error propagation), the missed branch likely covers a startup or parse-error condition. Integration-style tests for the CLI bootstrap path would close this gap.logs/log-parser.ts(68.57% branches, 22 uncovered) — The Squid log parser has many nested conditionals for handling IPv6 addresses, CONNECT-method host extraction, and malformed log entries. 22 uncovered branches indicate that edge cases — IPv6 literals in[...]brackets, missing port fields, non-standard log lines — are not tested. These affect the accuracy ofawf logs statsandawf logs summary.Recent additions in
artifact-preservation.ts(85.36% stmts) — Three new exported functions (preserveIptablesAudit,preserveCleanupArtifacts,removeWorkDirectories) were added in the last 7 days. Statements for cleanup/error branches appear uncovered. These functions are called during teardown, so failures would silently drop audit artifacts.📈 Recommendations
High — Add tests for
commands/validators/network-options.tscovering all 3 branches invalidateNetworkOptions(): (a) invalid docker-host alone, (b) docker-host + no path prefix with DinD hint, (c) valid combined config. This is a DinD security-validation path.High — Cover the uncovered branch in
cli.ts. Check whether it's an unhandled parse error or an early-exit path and add a unit test. The entrypoint should have deterministic coverage.Medium — Add targeted tests for
logs/log-parser.tsIPv6 edge cases (hosts like[::1]:3128) and malformed-line handling. These 22 uncovered branches inflate false-negative risk in the firewall audit trail.Low — Test
dind-bootstrap.tserror-recovery paths (11 uncovered branches). Focus on Docker socket probe timeouts and retry logic — failures here leave the agent running without a valid DinD environment.i️ Data note
The repository contains a
COVERAGE_SUMMARY.mdreflecting an earlier baseline (38.39% statements). Current coverage has improved dramatically to 96.3% across 155 source files, reflecting significant test suite growth. TheCOVERAGE_SUMMARY.mdfile is now stale.Generated by test-coverage-reporter workflow. Trigger:
push· Run ID: 27239805659Beta Was this translation helpful? Give feedback.
All reactions