[Coverage Report] Test Coverage Report — 2026-06-06 #4465
Closed
Replies: 1 comment
-
|
This discussion was automatically closed because it expired on 2026-06-13T20:48:30.125Z.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
📊 Test Coverage Report — 2026-06-06
134 files tracked · 105 test files · 153 source files
Overall Coverage
🔴 Critical Gaps (< 50% statement coverage)
None — all files are above 50%.
🟡 Low Coverage (50–79% statement coverage)
src/commands/validators/network-options.ts🛡️ Security-Critical Path Status
📋 Coverage Table (files below 95%)
Click to expand — 47 files with coverage below 95%
src/commands/validators/network-options.tssrc/services/agent-volumes/etc-mounts.tssrc/logs/audit-enricher.tssrc/artifact-preservation.tssrc/cli.tssrc/logs/log-parser.tssrc/squid/policy-manifest.tssrc/services/agent-volumes/docker-host-staging.tssrc/commands/logs-command-helpers.tssrc/dind-bootstrap.tssrc/services/doh-proxy-service.tssrc/commands/validators/log-and-limits.tssrc/services/host-path-prefix.tssrc/config-writer.tssrc/services/api-proxy-service.tssrc/services/agent-volumes/docker-socket.tssrc/logs/log-streamer.tssrc/diagnostic-collector.tssrc/commands/build-config.tssrc/commands/validators/agent-options.tssrc/services/agent-volumes/hosts-file.tssrc/services/agent-environment/environment-builder.tssrc/squid/ssl-bump.tssrc/ssl-bump.tssrc/host-env.tssrc/logs/log-aggregator.tssrc/upstream-proxy.tssrc/services/cli-proxy-service.tssrc/commands/main-action.tssrc/parsers/volume-parsers.tssrc/container-lifecycle.tssrc/services/agent-volumes/workspace-mounts.tssrc/container-cleanup.tssrc/services/agent-environment/env-passthrough.tssrc/commands/validators/config-assembly.tssrc/compose-sanitizer.tssrc/logs/log-formatter.tssrc/domain-patterns.tssrc/services/agent-service.tssrc/services/agent-volumes/home-strategy.tssrc/config-file.tssrc/rules.tssrc/compose-generator.tssrc/pid-tracker.tssrc/option-parsers.tssrc/api-proxy-config.tssrc/cli-options.ts87 of 134 tracked files (65%) have 100% statement coverage.
🔍 Notable Findings
src/commands/validators/network-options.ts— New code lacking tests (66.7% stmts, 50% branches)This file was added in the last 7 days. The
validateNetworkOptions()function has 3 conditional warning branches covering external Docker host detection and DinD path-prefix scenarios (lines ~47–73). None of the warning paths (invaliddockerHostCheck, missing path prefix when DinD hint is active) are exercised by any test. Adding unit tests that mockcheckDockerHost()to return{ valid: false }and varydockerHostPrefix/dindHintwould reach full coverage.src/logs/log-parser.ts— Complex parsing paths not fully covered (87% stmts, 67% branches)23 uncovered branches in the log-parser, primarily in IPv6 address parsing (
[bracket handling, remainder splitting) and the timestamp-normalisation fallback path (typeof obj.ts === 'number'branch). These cover edge-case Squid log formats that could cause silent parse failures in production log analysis.src/squid/policy-manifest.ts— 3 uncovered functions (70% function coverage)3 of 10 functions have zero coverage. These are likely utility accessors or edge-case manifest builders for non-default
SquidConfigcombinations (e.g. SSL bump enabled, custom dangerous-port overrides). Worth adding tests with varied config inputs.src/dind-bootstrap.ts— 11 uncovered branches (67% branch coverage)The DinD bootstrap path has substantial uncovered conditional logic — particularly the binary staging path (
stageEngineBinaryoption) and validation branches for unsafe binary names / non-file sources. Given this runs with elevated permissions in CI, these error paths deserve explicit negative-case tests.📈 Recommendations
High — Add tests for
src/commands/validators/network-options.tsCover the 3 warning branches in
validateNetworkOptions(): (a)dockerHostCheck.valid === false, (b) external host with no path prefix, (c)dindHint === truewith no path prefix. These are trivially mockable — the function is already well-structured for unit testing.Medium — Cover IPv6 and timestamp-fallback branches in
src/logs/log-parser.tsAdd test cases with IPv6 client addresses (e.g.
[::1]:12345) and Squid log entries that use integertsfields instead of stringtimestamp. 23 uncovered branches here means log analysis could silently drop or misparse entries from IPv6-enabled deployments.Low — Add negative-case tests for
src/dind-bootstrap.tsbinary stagingCover the
SAFE_BINARY_NAME_REGEXrejection path and theisFile()guard. These protect against path-traversal-style inputs in the DinD bootstrap and should have explicit failure-mode tests.Generated by test-coverage-reporter workflow · Trigger:
push· Run: 27073349818Beta Was this translation helpful? Give feedback.
All reactions