
[TEST] API Handler & Middleware Coverage - Increase from 4% to 40% #204

@JoshuaAFerguson


Problem

API test coverage has dropped to 4% after recent development waves. Many new v2.0-beta features have no tests, and some existing tests are broken.

This creates significant regression risk and makes bug fixes difficult to validate.

Current Status

  • Overall API Coverage: 4.0% (down from ~65-70%)
  • Handler Coverage: Mostly 0.0%
  • Middleware Coverage: 4.6%
  • Database Coverage: ~25%

Coverage Breakdown

Handler Packages (Most at 0.0%)

  • internal/handlers/agents_test.go - Agent management
  • internal/handlers/apikeys_test.go - BROKEN (panic)
  • internal/handlers/agent_websocket_test.go - WebSocket handlers
  • internal/handlers/vnc_proxy_test.go - VNC proxy (new in v2.0)
  • internal/handlers/sessiontemplates_test.go - Templates
  • Plus 20+ other handler test files with low/no coverage

Middleware (4.6% coverage)

  • internal/middleware/ratelimit.go - Rate limiting (new)
  • internal/middleware/inputvalidation.go - Input validation (new)
  • internal/middleware/securityheaders.go - Security headers (new)
  • internal/middleware/structured_logger.go - Structured logging (new)
  • internal/middleware/agent_auth.go - Agent authentication
  • Plus 10+ other middleware files

Database Layer (~25% coverage)

  • internal/db/sessions_test.go - Session CRUD
  • internal/db/users_test.go - User management
  • internal/db/groups_test.go - Group management
  • internal/db/applications_test.go - Applications

New v2.0 Features Requiring Tests

Wave 15-17 Features (Untested)

  1. Agent WebSocket Handlers:

    • Agent registration/deregistration
    • Command processing
    • Status updates
    • Heartbeat handling
  2. VNC Proxy Handlers (NEW):

    • VNC connection establishment
    • Tunnel creation (agent → pod)
    • WebSocket proxy
    • Connection cleanup
  3. Session Management v2.0:

    • Session creation (with agent command)
    • Session termination (via agent)
    • Session hibernation
    • Session wake
    • Status tracking
  4. Template Manifest Handling:

    • Template manifest construction
    • JSON serialization with proper tags
    • Database fallback logic
  5. New Middleware:

    • Rate limiting (requests/min)
    • Input validation (XSS, SQL injection)
    • Security headers (CSP, HSTS, etc.)
    • Structured logging (JSON format)

Test Requirements

Handler Tests (40%+ coverage target)

Agent Handlers

  • Test agent registration (WebSocket connect)
  • Test agent deregistration
  • Test agent status updates
  • Test heartbeat processing
  • Test command dispatch (start/stop/hibernate/wake)
  • Test command failure handling
  • Test agent authentication

VNC Proxy Handlers

  • Test VNC connection establishment
  • Test tunnel creation (port-forward)
  • Test WebSocket upgrade
  • Test data forwarding (bidirectional)
  • Test connection cleanup
  • Test error scenarios (pod not found, etc.)

Session Handlers (v2.0)

  • Test session creation (with template manifest)
  • Test session termination (via agent command)
  • Test session hibernate
  • Test session wake
  • Test session status queries
  • Test multi-session scenarios
  • Test session resource limits

Template Handlers

  • Test template listing (from database)
  • Test template manifest construction
  • Test JSON serialization
  • Test template filtering/search

Middleware Tests (60%+ coverage target)

Security Middleware

  • Test rate limiting (requests/min threshold)
  • Test rate limiting (IP-based vs user-based)
  • Test input validation (XSS prevention)
  • Test input validation (SQL injection prevention)
  • Test security headers (CSP, HSTS, X-Frame-Options)
  • Test CORS handling

Logging Middleware

  • Test structured logging (JSON format)
  • Test request ID generation
  • Test log level filtering
  • Test sensitive data redaction

Auth Middleware

  • Test agent authentication (API key)
  • Test user authentication (JWT)
  • Test RBAC enforcement
  • Test session validation

Database Tests (40%+ coverage target)

  • Test session CRUD operations
  • Test agent CRUD operations
  • Test command CRUD operations
  • Test transaction handling
  • Test error scenarios (constraint violations)

Test Infrastructure

Mock Setup

// Mock database
mockDB := &MockDatabase{}

// Mock K8s client (optional for v2.0)
mockK8s := &MockK8sClient{}

// Mock AgentHub
mockHub := &MockAgentHub{}

// Mock WebSocket connection
mockWS := &MockWebSocket{}

Test Utilities Needed

  • HTTP test request helpers
  • WebSocket test client
  • Mock agent client
  • Database test fixtures

Deliverables

  1. Fixed Test Files:

    • Fix apikeys_test.go panic
    • Fix broken handler tests
  2. New/Enhanced Test Files:

    • internal/handlers/agents_test.go (enhanced)
    • internal/handlers/vnc_proxy_test.go (new)
    • internal/handlers/sessiontemplates_test.go (enhanced)
    • internal/middleware/ratelimit_test.go (enhanced)
    • internal/middleware/inputvalidation_test.go (new)
    • internal/middleware/securityheaders_test.go (new)
    • internal/middleware/structured_logger_test.go (new)
    • Plus 10+ other enhanced test files
  3. Coverage Report:

    • Overall API: 40%+ (up from 4%)
    • Handlers: 40%+ (up from ~0%)
    • Middleware: 60%+ (up from 4.6%)
    • Database: 50%+ (up from ~25%)
  4. Test Documentation:

    • Test execution guide
    • Mock setup guide
    • Test data fixtures

Success Criteria

  • ✅ All broken tests fixed
  • ✅ 40%+ overall API coverage
  • ✅ 40%+ handler coverage
  • ✅ 60%+ middleware coverage
  • ✅ All v2.0 features tested
  • ✅ 200+ new test cases written

References

  • Source Code: api/internal/
  • Broken Test: api/internal/handlers/apikeys_test.go
  • Test Coverage Analysis: .claude/reports/TEST_COVERAGE_ANALYSIS_2025-11-23.md

Estimated Effort

4-5 days (32-40 hours)

  • Fix broken tests: 4-8 hours
  • Handler tests: 12-16 hours
  • Middleware tests: 8-12 hours
  • Database tests: 8-12 hours

Acceptance Criteria

  1. All existing tests fixed and passing
  2. 40%+ overall API coverage achieved
  3. All new v2.0 endpoints tested
  4. Security middleware fully tested
  5. VNC proxy handlers validated
  6. 200+ test cases added
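
For the "Security Middleware" requirements above (requests/min threshold, IP-based vs user-based), one way to drive such a test with net/http/httptest and an injected clock instead of sleeping. This is an added example, not code from the project: NewLimiter, Hit, userKey and the 2-per-minute limit are hypothetical stand-ins, since the API of internal/middleware/ratelimit.go is not shown in the issue.

```go
package main
import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"sync"
	"time"
)

type userKey struct{} // context key an upstream auth middleware is assumed to set
// NewLimiter is a stand-in fixed-window limiter; now is injected so tests control the clock.
func NewLimiter(perMin int, now func() time.Time, next http.Handler) http.Handler {
	var mu sync.Mutex
	start, count := map[string]time.Time{}, map[string]int{}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, _ := net.SplitHostPort(r.RemoteAddr)
		k := "ip:" + host // anonymous callers are limited per client IP
		if u, _ := r.Context().Value(userKey{}).(string); u != "" {
			k = "user:" + u // authenticated callers are limited per user, whatever their IP
		}
		mu.Lock()
		if now().Sub(start[k]) >= time.Minute { // also true for an unseen key (zero start time)
			start[k], count[k] = now(), 0
		}
		count[k]++
		n := count[k]
		mu.Unlock()
		if n > perMin {
			http.Error(w, "rate limit exceeded", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Hit sends one constructed request through h and returns the response status code.
func Hit(h http.Handler, ip, user string) int {
	r := httptest.NewRequest(http.MethodGet, "/", nil)
	r.RemoteAddr = ip + ":40000"
	w := httptest.NewRecorder()
	h.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), userKey{}, user)))
	return w.Code
}

func main() {
	h := NewLimiter(2, time.Now, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	fmt.Println(Hit(h, "192.0.2.1", ""), Hit(h, "192.0.2.1", ""), Hit(h, "192.0.2.1", ""))
}
```

A test against the real middleware would assert the same four properties: the threshold trips at limit+1, a second IP is unaffected, an authenticated user keeps one bucket across IPs, and the window resets once the injected clock advances a minute.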
