[Coverage Report] Test Coverage Report — 2026-05-26 #3832
Closed
Replies: 1 comment
-
|
This discussion was automatically closed because it expired on 2026-06-02T02:42:52.747Z.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Overall Coverage
Overall coverage is excellent. No files fall below 50% statement coverage.
🔴 Critical Gaps (< 50% statement coverage)
None. All 82 instrumented source files exceed 50% statement coverage.
🟡 Low Coverage (50–79% statement coverage)
src/services/agent-volumes/hosts-file.tssrc/commands/validators/network-options.tssrc/logs/audit-enricher.tssrc/cli.tssrc/logs/log-parser.tssrc/squid/policy-manifest.tssrc/commands/logs-command-helpers.tssrc/cli-workflow.tssrc/services/host-path-prefix.tssrc/services/doh-proxy-service.tssrc/cli-options.ts🛡️ Security-Critical Path Status
src/host-iptables.tssrc/host-iptables-rules.tssrc/host-iptables-network.tssrc/host-iptables-cleanup.tssrc/squid-config.tssrc/docker-manager.tssrc/domain-patterns.tssrc/cli.tssrc/rules.tsAll primary security-critical paths (iptables rules, Squid domain ACLs, Docker lifecycle) have exceptional coverage. The only security-adjacent concern is
src/cli.tsat 85.7%/67.1%.📋 Full Coverage Table
Click to expand per-file breakdown
src/services/agent-volumes/hosts-file.tssrc/commands/validators/network-options.tssrc/logs/audit-enricher.tssrc/cli.tssrc/logs/log-parser.tssrc/squid/policy-manifest.tssrc/commands/logs-command-helpers.tssrc/cli-workflow.tssrc/services/host-path-prefix.tssrc/services/doh-proxy-service.tssrc/container-cleanup.tssrc/config-writer.tssrc/services/agent-volumes/docker-socket.tssrc/logs/log-streamer.tssrc/commands/validators/agent-options.tssrc/cli-options.tssrc/services/agent-environment/environment-builder.tssrc/squid/ssl-bump.tssrc/ssl-bump.tssrc/host-env.tssrc/container-lifecycle.tssrc/logs/log-aggregator.tssrc/upstream-proxy.tssrc/commands/validators/log-and-limits.tssrc/commands/main-action.tssrc/services/cli-proxy-service.tssrc/parsers/volume-parsers.tssrc/pid-tracker.tssrc/commands/validators/config-assembly.tssrc/services/agent-environment/env-passthrough.tssrc/logs/log-formatter.tssrc/services/agent-volumes/home-strategy.tssrc/domain-patterns.tssrc/host-iptables-rules.tssrc/services/agent-service.tssrc/config-file.tssrc/rules.tssrc/compose-generator.tssrc/option-parsers.tssrc/services/api-proxy-service.tssrc/api-proxy-config.tssrc/constants.tssrc/copilot-api-resolver.tssrc/dind-probe.tssrc/dlp.tssrc/dns-resolver.tssrc/docker-host.tssrc/docker-manager.tssrc/domain-utils.tssrc/env-utils.tssrc/github-env.tssrc/host-identity.tssrc/host-iptables-cleanup.tssrc/host-iptables-network.tssrc/host-iptables-shared.tssrc/host-iptables.tssrc/image-tag.tssrc/log-paths.tssrc/logger.tssrc/redact-secrets.tssrc/schema-validator.tssrc/squid-config.tssrc/commands/build-config.tssrc/commands/logs-audit.tssrc/commands/logs-stats.tssrc/commands/logs-summary.tssrc/commands/logs.tssrc/commands/network-setup.tssrc/commands/predownload.tssrc/commands/preflight.tssrc/commands/signal-handler.tssrc/commands/subcommands.tssrc/commands/validate-options.tssrc/constants/placeholders.tssrc/logs/index.tssrc/logs/log-discovery.tssrc/logs/stats-formatter.ts🔍 Notable Findings
src/cli.ts— 85.7% stmt / 67.1% branch: This is the main orchestration entry point. The 32.9% uncovered branches likely represent error-handling paths (failed container starts, signal interrupts mid-flow, unexpected exit codes). Given its role coordinating the entire firewall lifecycle, improving branch coverage here would catch orchestration failure modes. 1 recent commit touched this file.src/commands/validators/network-options.ts— 50.0% branch coverage: Only half the conditional branches are exercised. Network option validation guards inputs like--allow-domains,--dns-servers, and--docker-host. Uncovered branches likely include malformed inputs and edge-case combinations.src/cli-options.ts— 60.0% branch / 25.0% function coverage: Three out of four exported functions are never called in tests. This file likely handles CLI option defaults and parsing helpers; the uncovered functions may represent option combinations exercised only in integration tests.src/logs/audit-enricher.ts+src/logs/log-parser.ts— 74.1% and 67.1% branch coverage: Log parsing and enrichment paths for malformed or unexpected log entries are likely untested. These matter for operational visibility — silent parse failures could cause coverage reports to silently under-count denied connections.📈 Recommendations
High —
src/cli.tsbranch coverage: Add unit tests covering the error-handling branches (e.g.,startContainersfailure, SIGTERM during container startup, container exit before command completes). Target: bring branch coverage from 67% → 85%+.Medium —
src/commands/validators/network-options.ts: Add parameterized tests for invalid domain formats, conflicting DNS options, and missing required fields. The 50% branch gap suggests entire validation paths are untested.Medium —
src/logs/log-parser.tsandsrc/logs/audit-enricher.ts: Add tests with malformed Squid log lines (truncated entries, missing fields, unexpected formats) to cover the 33%/26% of uncovered branches. These safeguard the accuracy of security audit trails.Low —
src/cli-options.tsfunction coverage: Identify and test the 3 uncovered exported functions, or consider removing them if they're dead code.Generated by test-coverage-reporter workflow. Trigger:
push· Run: 26429076455Beta Was this translation helpful? Give feedback.
All reactions