[Coverage Report] Test Coverage Report — 2026-06-13 #4912
Replies: 3 comments
-
|
🔮 The ancient spirits stir: the smoke test agent has passed through the warded gates and left this omen in the thread. May the logs remain clear and the build paths true.
|
Beta Was this translation helpful? Give feedback.
-
|
🔮 The ancient spirits stir: the smoke test agent has passed through the warded gates and left this omen in the thread. May the logs remain clear and the build paths true.
|
Beta Was this translation helpful? Give feedback.
-
|
This discussion was automatically closed because it expired on 2026-06-20T20:48:24.226Z.
|
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
📊 Overall Coverage
🔴 Critical Gaps (< 50% statement coverage)
None. All 120 files are above 50% statement coverage. ✅
🟡 Low Coverage (50–79% statement coverage)
src/commands/validators/network-options.ts🛡️ Security-Critical Path Status
📋 Files with Branch Coverage < 80%
src/cli.tssrc/commands/validators/network-options.tssrc/services/agent-environment/environment-builder.tssrc/services/agent-volumes/etc-mounts.tssrc/logs/log-parser.tssrc/services/agent-volumes/docker-host-staging.tssrc/logs/audit-enricher.tssrc/services/agent-volumes/system-mounts.tssrc/services/agent-volumes/workspace-mounts.tssrc/services/doh-proxy-service.tssrc/logs/log-streamer.tssrc/commands/validators/log-and-limits.ts🔍 Notable Findings
1.
src/services/agent-volumes/etc-mounts.ts— 67.9% branch coverage (security-sensitive)Controls which
/etcfiles are bind-mounted into the agent container (notably excluding/etc/shadow). The DinD staging path — synthesizing/etc/passwd+/etc/groupwhen the runner lacks them, includingresolveUniqueNamecounter logic for UID/GID conflicts — is undertested. Failures here could surface identity or permission issues in ARC runners.2.
src/logs/log-parser.ts— 68.6% branch coverageThe Squid log parser has 22/70 branches uncovered. Likely missing: IPv6 host headers, bare-IP requests,
"-"user-agent variations, and lines with missing fields. Robust parsing is critical for forensic auditability — unhandled log lines are silently dropped.3.
src/commands/validators/network-options.ts— 50% branch coverage (14/21 lines)The warning-emission paths for external
DOCKER_HOSTdetection and ARC/DinD hint warnings are never triggered in tests. These paths validate the DinD security setup and guide users to configure--docker-host-path-prefix.4.
src/squid/policy-manifest.ts— 70% function coverage (7/10 functions)Three exported functions are never exercised. These likely handle
enableHostAccess/allowHostPortspolicy rules. If they represent dead code they should be removed; otherwise they need tests since they feed the audit-enricher that attributes Squid decisions to named rules.📈 Recommendations
High — Test
etc-mounts.tsDinD staging failures: mockstageHostFilereturningnulland staged files with conflicting UID/GID entries. Covers the identity-file synthesis that preserves shadow-file exclusion.High — Add
log-parser.tsedge-case tests: IPv6 in Host header,–sentinel fields, port-only URLs, extra whitespace, unusual user-agent strings. Prevents silent log drops that could obscure firewall bypass.Medium — Test
network-options.tswith `DOCKER_HOST=(10.0.0.1/redacted) and a non-standard unix socket path to trigger the DinD warning branches.Low — Audit 3 uncovered functions in
squid/policy-manifest.ts— remove if dead code, or add tests forenableHostAccess/allowHostPortspolicy generation.Generated by test-coverage-reporter workflow · Trigger:
push· Date: 2026-06-13Beta Was this translation helpful? Give feedback.
All reactions