[Coverage Report] Test Coverage Report — 2026-05-25

[github-actions[bot]]

Overall Coverage

Metric	Coverage
Statements	96.42% (4,294 / 4,453)
Branches	90.82% (2,258 / 2,486)
Functions	97.99% (489 / 499)
Lines	96.58% (4,162 / 4,309)

89 test files covering 133 source files. Overall health is strong; all security-critical modules are well-covered.

---

🔴 Critical Gaps (< 50% statement coverage)

File	Stmts	Note
src/services/agent-environment.ts	0.0%	Barrel re-export only — export { buildAgentEnvironment } from './agent-environment/environment-builder'. The actual implementation (environment-builder.ts) has 93.5% coverage. No action needed.

---

🟡 Low Coverage (50–79% statement coverage)

None — all non-barrel files are ≥ 81% statement coverage.

Files between 80–89% (worth monitoring):

File	Stmts	Branch	Funcs
src/services/agent-volumes/hosts-file.ts	81.0%	66.7%	100%
src/commands/validators/network-options.ts	81.2%	50.0%	100%
src/logs/audit-enricher.ts	83.6%	74.1%	100%
src/cli.ts	85.7%	50.0%	100%
src/logs/log-parser.ts	87.0%	67.1%	100%

---

🛡️ Security-Critical Path Status

Module	Stmts	Branch	Funcs	Status
src/host-iptables.ts	100%	100%	100%	✅ Full
src/squid-config.ts	100%	100%	100%	✅ Full
src/docker-manager.ts	100%	100%	100%	✅ Full
src/domain-patterns.ts	97.7%	95.4%	100%	✅ Excellent
src/cli.ts	85.7%	50.0%	100%	⚠️ Branch gaps
src/host-iptables-rules.ts	97.0%	94.0%	100%	✅ Excellent
src/squid/access-rules.ts	100%	100%	100%	✅ Full
src/squid/domain-acl.ts	100%	100%	100%	✅ Full

---

📋 Full Coverage Table

Click to expand all files

File	Stmts	Branch	Funcs	Lines
src/services/agent-environment.ts	🔴 0.0%	🟢 100.0%	🔴 0.0%	🔴 0.0%
src/services/agent-volumes/hosts-file.ts	🟡 81.0%	🟡 66.7%	🟢 100.0%	🟡 79.5%
src/commands/validators/network-options.ts	🟢 81.2%	🟡 50.0%	🟢 100.0%	🟢 81.2%
src/logs/audit-enricher.ts	🟢 83.6%	🟡 74.1%	🟢 100.0%	🟢 89.4%
src/cli.ts	🟢 85.7%	🟡 50.0%	🟢 100.0%	🟢 85.7%
src/logs/log-parser.ts	🟢 87.0%	🟡 67.1%	🟢 100.0%	🟢 88.0%
src/squid/policy-manifest.ts	🟢 87.2%	🟢 88.2%	🟡 70.0%	🟢 87.0%
src/commands/logs-command-helpers.ts	🟢 88.5%	🟢 83.3%	🟢 100.0%	🟢 88.3%
src/cli-workflow.ts	🟢 88.9%	🟢 85.7%	🟢 100.0%	🟢 88.9%
src/services/host-path-prefix.ts	🟢 88.9%	🟡 75.0%	🟢 100.0%	🟢 87.0%
src/services/doh-proxy-service.ts	🟢 90.0%	🟡 75.0%	🟢 100.0%	🟢 90.0%
src/container-cleanup.ts	🟢 90.3%	🟢 96.8%	🟢 100.0%	🟢 90.2%
src/config-writer.ts	🟢 90.9%	🟢 83.0%	🟢 100.0%	🟢 90.9%
src/test-helpers/docker-test-fixtures.test-utils.ts	🟢 90.9%	🔴 40.0%	🟢 87.5%	🟢 90.9%
src/services/agent-volumes/docker-socket.ts	🟢 92.0%	🟢 93.3%	🟢 100.0%	🟢 92.0%
src/logs/log-streamer.ts	🟢 92.2%	🟡 77.8%	🟢 88.9%	🟢 92.1%
src/commands/validators/agent-options.ts	🟢 93.0%	🟢 88.6%	🟢 100.0%	🟢 93.0%
src/cli-options.ts	🟢 93.0%	🟡 60.0%	🔴 25.0%	🟢 93.0%
src/services/agent-environment/environment-builder.ts	🟢 93.5%	🟡 66.7%	🟢 100.0%	🟢 93.5%
src/squid/ssl-bump.ts	🟢 93.8%	🟢 91.7%	🟢 100.0%	🟢 93.8%
src/ssl-bump.ts	🟢 94.0%	🟢 84.6%	🟢 100.0%	🟢 94.7%
src/host-env.ts	🟢 94.1%	🟢 80.0%	🟢 100.0%	🟢 95.9%
src/container-lifecycle.ts	🟢 94.2%	🟢 84.2%	🟢 100.0%	🟢 94.0%
src/logs/log-aggregator.ts	🟢 94.7%	🟢 87.5%	🟢 100.0%	🟢 94.7%
src/upstream-proxy.ts	🟢 94.9%	🟢 94.7%	🟢 100.0%	🟢 94.5%
src/commands/validators/log-and-limits.ts	🟢 95.2%	🟢 86.7%	🟢 100.0%	🟢 95.2%
src/commands/main-action.ts	🟢 95.5%	🟢 88.6%	🟢 100.0%	🟢 95.4%
src/services/cli-proxy-service.ts	🟢 95.5%	🟢 93.3%	🟢 100.0%	🟢 95.5%
src/parsers/volume-parsers.ts	🟢 95.8%	🟢 100.0%	🟢 100.0%	🟢 95.8%
src/pid-tracker.ts	🟢 96.3%	🟡 76.9%	🟢 100.0%	🟢 97.4%
src/commands/validators/config-assembly.ts	🟢 96.5%	🟢 92.8%	🟢 100.0%	🟢 97.6%
src/services/agent-environment/env-passthrough.ts	🟢 96.8%	🟢 92.0%	🟢 100.0%	🟢 96.8%
src/host-iptables-rules.ts	🟢 97.0%	🟢 94.0%	🟢 100.0%	🟢 97.0%
src/logs/log-formatter.ts	🟢 97.4%	🟢 92.8%	🟢 100.0%	🟢 97.3%
src/services/agent-volumes/home-strategy.ts	🟢 97.4%	🟡 75.0%	🟢 100.0%	🟢 97.4%
src/domain-patterns.ts	🟢 97.7%	🟢 95.4%	🟢 100.0%	🟢 97.6%
src/services/agent-service.ts	🟢 97.8%	🟢 94.6%	🟢 100.0%	🟢 97.7%
src/config-file.ts	🟢 98.0%	🟢 96.8%	🟢 87.5%	🟢 100.0%
src/rules.ts	🟢 98.2%	🟢 91.9%	🟢 100.0%	🟢 98.1%
src/compose-generator.ts	🟢 98.4%	🟢 90.0%	🟢 100.0%	🟢 98.4%
src/option-parsers.ts	🟢 98.8%	🟢 94.7%	🟢 100.0%	🟢 98.8%
src/services/api-proxy-service.ts	🟢 99.0%	🟢 90.9%	🟢 100.0%	🟢 98.9%
src/api-proxy-config.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/constants.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/copilot-api-resolver.ts	🟢 100.0%	🟢 95.7%	🟢 100.0%	🟢 100.0%
src/dind-probe.ts	🟢 100.0%	🟢 93.8%	🟢 100.0%	🟢 100.0%
src/dlp.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/dns-resolver.ts	🟢 100.0%	🟢 91.7%	🟢 100.0%	🟢 100.0%
src/docker-host.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/docker-manager.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/domain-utils.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/env-utils.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/github-env.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/host-identity.ts	🟢 100.0%	🟢 96.9%	🟢 100.0%	🟢 100.0%
src/host-iptables-cleanup.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/host-iptables-network.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/host-iptables-shared.ts	🟢 100.0%	🟢 95.0%	🟢 100.0%	🟢 100.0%
src/host-iptables.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/image-tag.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/log-paths.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/logger.ts	🟢 100.0%	🟢 90.9%	🟢 100.0%	🟢 100.0%
src/redact-secrets.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/schema-validator.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/squid-config.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/commands/build-config.ts	🟢 100.0%	🟢 97.3%	🟢 100.0%	🟢 100.0%
src/commands/logs-audit.ts	🟢 100.0%	🟢 95.7%	🟢 100.0%	🟢 100.0%
src/commands/logs-stats.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/commands/logs-summary.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/commands/logs.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/commands/network-setup.ts	🟢 100.0%	🟢 87.0%	🟢 100.0%	🟢 100.0%
src/commands/predownload.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/commands/preflight.ts	🟢 100.0%	🟢 83.8%	🟢 100.0%	🟢 100.0%
src/commands/signal-handler.ts	🟢 100.0%	🟢 87.5%	🟢 100.0%	🟢 100.0%
src/commands/subcommands.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/commands/validate-options.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/logs/index.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/logs/log-discovery.ts	🟢 100.0%	🟢 90.0%	🟢 100.0%	🟢 100.0%
src/logs/stats-formatter.ts	🟢 100.0%	🟢 93.5%	🟢 100.0%	🟢 100.0%
src/services/agent-environment/api-proxy-environment.ts	🟢 100.0%	🟢 92.8%	🟢 100.0%	🟢 100.0%
src/services/agent-environment/core-environment.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/services/agent-environment/excluded-vars.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/services/agent-environment/github-actions-environment.ts	🟢 100.0%	🟢 95.0%	🟢 100.0%	🟢 100.0%
src/services/agent-environment/host-path-recovery.ts	🟢 100.0%	🟢 90.0%	🟢 100.0%	🟢 100.0%
src/services/agent-environment/observability-environment.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/services/agent-environment/proxy-environment.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/services/agent-environment/tool-specific-environment.ts	🟢 100.0%	🟢 94.1%	🟢 100.0%	🟢 100.0%
src/services/agent-volumes/credential-hiding.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/services/agent-volumes/etc-mounts.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/services/agent-volumes/ssl-mounts.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/services/agent-volumes/system-mounts.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/services/agent-volumes/volume-builder.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/services/agent-volumes/workspace-mounts.ts	🟢 100.0%	🟡 78.6%	🟢 100.0%	🟢 100.0%
src/squid/access-rules.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/squid/acl-generator.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/squid/config-generator.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/squid/config-sections.ts	🟢 100.0%	🟢 82.8%	🟢 100.0%	🟢 100.0%
src/squid/domain-acl.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/squid/upstream-proxy.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%
src/squid/validation.ts	🟢 100.0%	🟢 100.0%	🟢 100.0%	🟢 100.0%

---

🔍 Notable Findings

1. src/cli.ts — 50% branch coverage (recently modified): The main CLI entry point has half its branches untested. Uncovered branches are likely error-handling paths for container startup failures, SIGINT/SIGTERM signal handling, and --keep-containers cleanup logic. This file was modified in the last 7 days. Tests simulating container startup failures or interrupt signals would close this gap.

2. src/cli-options.ts — 25% function coverage, 60% branch coverage (recently modified): Only 25% of exported functions are exercised in a 392-line options-parsing module that was recently changed. The uncovered portions likely involve option combination validation and edge-case flag interactions.

3. src/commands/validators/network-options.ts — 50% branch coverage: Half the validation branches for network options (DNS servers, domain lists, proxy settings) are untested. Invalid input paths (malformed domains, conflicting flags) are likely the uncovered branches.

4. src/logs/log-parser.ts + src/logs/audit-enricher.ts — 67–74% branch coverage: Log parsing/enrichment has meaningful branch gaps. Malformed log lines, edge-case timestamp formats, and enrichment failure paths are likely uncovered. The recently added logs audit command means these code paths are newly active.

---

📈 Recommendations

1. High — Add error-path tests for src/cli.ts: cover container-startup-failure branches and SIGINT/SIGTERM teardown paths. Branch coverage is 50% for the top-level orchestrator.

2. High — Cover src/cli-options.ts functions: add tests for conflicting/invalid option combinations (e.g., --enable-api-proxy without credentials, --dns-servers with invalid IPs). Function coverage is only 25%.

3. Medium — Test invalid-input branches in src/commands/validators/network-options.ts: malformed domain patterns, empty allow-lists, conflicting proxy settings. Branch coverage is 50%.

4. Low — Improve src/logs/log-parser.ts and src/logs/audit-enricher.ts branch coverage with malformed/truncated log line fixtures.

---

Generated by test-coverage-reporter workflow. Trigger: push · Run: 26415536503

Generated by Test Coverage Reporter · sonnet46 1.5M · ◷

• expires on Jun 1, 2026, 7:05 PM UTC

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-06-01T19:05:28.514Z.

Closed by Workflow

[github-actions[bot]]

🔮 The ancient spirits stir; the smoke-test agent passed through and left this omen of success. The build held, the browser saw GitHub, and the firewall remains watchful.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex