[Coverage Report] Test Coverage Report — 2026-06-13 #4847
Closed
Replies: 1 comment
-
|
This discussion was automatically closed because it expired on 2026-06-20T00:36:32.738Z.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Overall Coverage
🔴 Critical Gaps (< 50% statement coverage)
None. All 107 instrumented files are above 50%.
🟡 Low Coverage (50–79% statement coverage)
src/commands/validators/network-options.ts🛡️ Security-Critical Path Status
All four highest-priority security modules are at perfect or near-perfect coverage.
cli.tshas only 2 branch points total; the uncovered branch is a single guard condition.📋 Coverage Table (files below 100%)
45 files with statement coverage below 100% (click to expand)
src/commands/validators/network-options.tssrc/squid-log-reader.tssrc/services/agent-volumes/etc-mounts.tssrc/logs/audit-enricher.tssrc/artifact-preservation.tssrc/cli.tssrc/logs/log-parser.tssrc/squid/policy-manifest.tssrc/services/agent-volumes/docker-host-staging.tssrc/commands/logs-command-helpers.tssrc/services/doh-proxy-service.tssrc/commands/validators/log-and-limits.tssrc/services/host-path-prefix.tssrc/config-writer.tssrc/services/api-proxy-service.tssrc/services/agent-volumes/docker-socket.tssrc/logs/log-streamer.tssrc/services/agent-volumes/system-mounts.tssrc/diagnostic-collector.tssrc/commands/build-config.tssrc/commands/validators/agent-options.tssrc/services/agent-volumes/hosts-file.tssrc/services/agent-environment/environment-builder.tssrc/squid/ssl-bump.tssrc/ssl-bump.tssrc/host-env.tssrc/logs/log-aggregator.tssrc/services/cli-proxy-service.tssrc/commands/main-action.tssrc/upstream-proxy.tssrc/parsers/volume-parsers.tssrc/container-startup-diagnostics.tssrc/services/agent-volumes/workspace-mounts.tssrc/container-cleanup.tssrc/services/agent-environment/env-passthrough.tssrc/compose-sanitizer.tssrc/option-parsers.tssrc/logs/log-formatter.tssrc/commands/validators/config-assembly.tssrc/domain-patterns.tssrc/services/agent-service.tssrc/config-file.tssrc/rules.tssrc/compose-generator.tssrc/pid-tracker.ts62 additional files (test helpers and 100%-covered source files) omitted.
🔍 Notable Findings
src/commands/validators/network-options.ts— newly merged code, 50% branch coverage.Modified in the latest commit (fix(docker-host): pass through loopback TCP DOCKER_HOST for ARC/DinD orchestration #4832, loopback TCP DOCKER_HOST passthrough). All 5 uncovered branches are in warning-emission blocks:
if (!dockerHostCheck.valid)(lines 49–56), the split-filesystem hint (lines 61–65), and the ARC/DinD hint (lines 66–79). These are environment-variable-driven code paths never exercised in the test suite.src/logs/log-parser.ts— 22 uncovered branches in Squid log field parsing.Fallback values for missing
method,decision,dest,url, andhostfields (e.g.obj.method || '') are never tested with null/undefined inputs. IPv6 destination parsing (if (rawDest.startsWith('['))) andlastColon === -1edge case are also untested. These paths are hit when Squid produces non-standard or truncated log lines.src/services/agent-volumes/etc-mounts.ts— 9 uncovered branches in/etc/passwdsynthesis.Fallback paths when
synthesizeIdentityFile()returnsundefined(i.e., file-write failure) are untested — the|| passwdPathand|| '/etc/passwd'fallbacks both remain cold. This path directly affects container identity isolation and is worth hardening with a test that simulates write failure.src/services/agent-environment/environment-builder.ts— 2 uncovered branches (66.66% branch).Two conditional edge cases in the environment assembly pipeline are untested. Minor, but the environment builder feeds all agent container environment variables, including proxy settings.
📈 Recommendations
High —
network-options.tsDinD warning branches: Add a test that setsDOCKER_HOSTto a non-loopback TCP address and verifies the three warninglogger.warn()calls are made. This is the most recently touched file with the lowest branch coverage, and the DinD warning path is relevant to ARC runner security.Medium —
log-parser.tsmalformed/IPv6 log entries: Add test cases with log entries wheremethod/decision/urlare missing (ornull), and at least one entry with an IPv6 destination ([::1]:443). This ensuresawf logs statsandawf logs summarydon't crash on real-world atypical Squid output.Low —
etc-mounts.tssynthesis failure fallback: MocksynthesizeIdentityFileto returnundefinedand assert that the bind mounts fall back to/etc/passwdand/etc/grouprather than crashing. This covers the last untested path in the container credential-isolation layer.Generated by test-coverage-reporter workflow. Trigger:
push. Run: 27450830497Beta Was this translation helpful? Give feedback.
All reactions