[Coverage Report] Test Coverage Report — 2026-06-06 #4455
Closed
Replies: 1 comment
-
|
This discussion was automatically closed because it expired on 2026-06-13T17:36:06.337Z.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Overall Coverage
🔴 Critical Gaps (< 50% statement coverage)
None. All 134 tracked files exceed 50% statement coverage.
🟡 Low Coverage (50–79% statement coverage)
src/commands/validators/network-options.tsOnly one file sits in the low-coverage band. The uncovered branch is the Docker-host warning path — the
!dockerHostCheck.valid+!dockerHostPathPrefixResolution.dockerHostPrefixguard that emits split-filesystem warnings under ARC/DinD conditions.🛡️ Security-Critical Path Status
src/host-iptables.tssrc/squid-config.tssrc/docker-manager.tssrc/domain-patterns.tssrc/cli.tssrc/cli.tshas only 7 statements total; the 50% branch gap is therequire.main === moduleguard — a standard Node.js pattern that is effectively untestable without spawning a subprocess.📋 Medium Coverage (80–89% statements)
9 files with 80–89% statement coverage
src/services/agent-volumes/etc-mounts.tssrc/logs/audit-enricher.tssrc/artifact-preservation.tssrc/cli.tssrc/logs/log-parser.tssrc/squid/policy-manifest.tssrc/services/agent-volumes/docker-host-staging.tssrc/commands/logs-command-helpers.tssrc/dind-bootstrap.ts🔍 Notable Findings
1.
src/logs/log-parser.ts— 67.1% branch coverageLog parsing is used in the
awf logscommand family. Several error-handling branches for malformed log entries are not exercised. Uncovered paths likely include: timestamp parse failures, missing fields, and truncated lines. These are realistic production scenarios (container crash mid-write).2.
src/services/agent-volumes/etc-mounts.ts— 67.8% branch coverageThe
/etcselective bind-mount logic contains platform-conditional branches (file existence checks, optional mount paths). Uncovered branches appear to be the "file not found" fallback paths which only trigger on non-standard Linux configurations.3.
src/squid/policy-manifest.ts— 3/10 functions uncoveredThree policy-manifest functions have zero coverage. These are likely the DLP/audit-related manifest sections added as features were extended. Since Squid config generation itself is 100% covered, the risk is moderate.
4.
src/dind-bootstrap.ts— 66.7% branch coverageDinD bootstrap code runs only in ARC/DinD runner environments; the uncovered branches reflect the "daemon not reachable" and retry-exhausted failure paths. These are integration-only paths with no unit-test equivalent.
📈 Recommendations
High —
src/logs/log-parser.ts: Add unit tests for malformed-input branches (truncated lines, missing timestamp, unknown log format). These are realistic failure modes and the parser is called in CI summary generation.Medium —
src/services/agent-volumes/etc-mounts.ts: Add tests that mockfs.existsSyncreturningfalsefor optional/etcpaths (e.g.,/etc/alternatives,/etc/ld.so.cache). This would bring branch coverage from 67.8% to ~90%.Medium —
src/squid/policy-manifest.ts: Add tests for the 3 uncovered functions. Check which functions they are withgrep -n "^export" src/squid/policy-manifest.tsand add tests for the DLP/rate-limit manifest builders.Low —
src/commands/validators/network-options.ts: Add a test that mockscheckDockerHost()returning{ valid: false }with no path-prefix to exercise the ARC/DinD warning branch.📊 Coverage Trend
The repository has grown significantly — 134 files are now tracked, with 258 source files touched in the past 7 days. Overall coverage remains high at 96.46% statements and 90.73% branches, well above the configured thresholds (38% / 30%).
Generated by test-coverage-reporter workflow · Trigger:
push· Run: 27069081155Beta Was this translation helpful? Give feedback.
All reactions