[Coverage Report] Test Coverage Report — 2026-06-01

[github-actions[bot]]

📊 Overall Coverage

Metric	Coverage
Statements	96.25%
Branches	90.48%
Functions	98.27%
Lines	96.4%

95 test files covering 142 source files.

---

🔴 Critical Gaps (< 50% statement coverage)

None. All source files are above 50% statement coverage.

---

🟡 Low Coverage (50–79% statement coverage)

File	Stmts	Branch	Funcs
src/commands/validators/network-options.ts	66.7%	50.0%	100%

---

🛡️ Security-Critical Path Status

File	Stmts	Branch	Funcs	Status
src/host-iptables.ts	100%	100%	100%	✅ Fully covered
src/squid-config.ts	100%	100%	100%	✅ Fully covered
src/docker-manager.ts	100%	100%	100%	✅ Fully covered
src/domain-patterns.ts	97.7%	95.4%	100%	✅ Well covered
src/cli.ts	85.7%	50.0%	100%	⚠️ Branch coverage low

All primary security-critical files (iptables rules, Squid config, domain matching) have 100% coverage. src/cli.ts has low branch coverage (50%) — the uncovered branches are likely error-handling and signal paths.

---

📋 Full Coverage Table

All files (sorted by statement coverage ascending)

File	Stmts	Branch	Funcs	Lines
src/commands/validators/network-options.ts	🟡 66.7%	🟡 50.0%	🟢 100%	66.7%
src/services/agent-volumes/etc-mounts.ts	🟢 82.5%	🟡 67.9%	🟢 100%	82.5%
src/logs/audit-enricher.ts	🟢 83.6%	🟡 74.1%	🟢 100%	89.4%
src/cli.ts	🟢 85.7%	🟡 50.0%	🟢 100%	85.7%
src/logs/log-parser.ts	🟢 86.9%	🟡 67.1%	🟢 100%	87.8%
src/squid/policy-manifest.ts	🟢 87.2%	🟢 88.2%	🟡 70.0%	87.0%
src/services/agent-volumes/docker-host-staging.ts	🟢 87.8%	🟡 72.4%	🟢 100%	87.2%
src/commands/logs-command-helpers.ts	🟢 88.5%	🟢 83.3%	🟢 100%	88.3%
src/services/doh-proxy-service.ts	🟢 90.0%	🟡 75.0%	🟢 100%	90.0%
src/container-cleanup.ts	🟢 90.3%	🟢 96.8%	🟢 100%	90.2%
src/services/host-path-prefix.ts	🟢 90.3%	🟢 81.6%	🟢 100%	88.9%
src/config-writer.ts	🟢 90.9%	🟢 83.0%	🟢 100%	90.9%
src/commands/validators/log-and-limits.ts	🟢 91.5%	🟡 78.4%	🟢 100%	91.5%
src/services/agent-volumes/docker-socket.ts	🟢 91.7%	🟢 93.3%	🟢 100%	91.7%
src/logs/log-streamer.ts	🟢 92.2%	🟡 77.8%	🟢 88.9%	92.1%
src/commands/validators/agent-options.ts	🟢 93.0%	🟢 88.6%	🟢 100%	93.0%
src/cli-options.ts	🟢 93.0%	🟡 60.0%	🔴 25.0%	93.0%
src/services/agent-volumes/hosts-file.ts	🟢 93.2%	🟢 90.3%	🟢 100%	92.9%
src/services/agent-environment/environment-builder.ts	🟢 93.5%	🟡 66.7%	🟢 100%	93.5%
src/squid/ssl-bump.ts	🟢 93.8%	🟢 91.7%	🟢 100%	93.8%
src/ssl-bump.ts	🟢 94.0%	🟢 84.6%	🟢 100%	94.7%
src/host-env.ts	🟢 94.1%	🟢 80.0%	🟢 100%	95.9%
src/container-lifecycle.ts	🟢 94.2%	🟢 84.2%	🟢 100%	93.9%
src/logs/log-aggregator.ts	🟢 94.7%	🟢 87.5%	🟢 100%	94.7%
src/upstream-proxy.ts	🟢 94.9%	🟢 94.7%	🟢 100%	94.5%
src/commands/main-action.ts	🟢 95.5%	🟢 88.6%	🟢 100%	95.4%
src/services/cli-proxy-service.ts	🟢 95.5%	🟢 93.3%	🟢 100%	95.5%
src/parsers/volume-parsers.ts	🟢 95.8%	🟢 100%	🟢 100%	95.8%
src/services/agent-volumes/workspace-mounts.ts	🟢 96.3%	🟡 75.0%	🟢 100%	96.3%
src/pid-tracker.ts	🟢 96.3%	🟡 76.9%	🟢 100%	97.4%
src/commands/validators/config-assembly.ts	🟢 96.5%	🟢 92.8%	🟢 100%	97.6%
src/services/agent-environment/env-passthrough.ts	🟢 96.8%	🟢 92.0%	🟢 100%	96.8%
src/services/agent-volumes/home-strategy.ts	🟢 97.4%	🟡 75.0%	🟢 100%	97.4%
src/logs/log-formatter.ts	🟢 97.4%	🟢 92.9%	🟢 100%	97.3%
src/domain-patterns.ts	🟢 97.7%	🟢 95.4%	🟢 100%	97.6%
src/host-iptables-rules.ts	🟢 97.7%	🟢 96.8%	🟢 100%	97.6%
src/services/agent-service.ts	🟢 97.8%	🟢 94.6%	🟢 100%	97.7%
src/services/api-proxy-service.ts	🟢 98.0%	🟢 91.1%	🟢 100%	98.9%
src/config-file.ts	🟢 98.1%	🟢 97.1%	🟢 87.5%	100%
src/rules.ts	🟢 98.2%	🟢 91.9%	🟢 100%	98.1%
src/compose-generator.ts	🟢 98.4%	🟢 90.0%	🟢 100%	98.4%
src/option-parsers.ts	🟢 98.9%	🟢 95.6%	🟢 100%	98.8%
Many files at 100%	🟢 100%	🟢 100%	🟢 100%	100%

---

🔍 Notable Findings

1. src/commands/validators/network-options.ts — 66.7% stmt / 50% branch: The sole file in the "low" tier. As the validator for network CLI options (DNS, proxy, domain rules), the uncovered branches likely include error-handling paths for invalid domain lists or conflicting proxy flags. Worth adding negative-case tests.

2. src/cli.ts — 85.7% stmt / 50% branch: The main orchestration entry point has half its branches uncovered. Given this file wires up all commands, the uncovered paths are probably signal handler edge cases and early-exit error flows. A small integration test covering --help, invalid arguments, and SIGINT simulation would help significantly.

3. src/cli-options.ts — 93% stmt but only 25% function coverage: The 400-line options file has three-quarters of its exported functions never called in tests. These are likely option builder helpers that are exercised indirectly but not unit-tested directly. Consider checking whether the uncovered functions are dead code or need explicit tests.

4. src/logs/audit-enricher.ts — 83.6% stmt / 74.1% branch (modified in the most recent commit fccd944): This file was updated to use agent-job runtime context. The coverage gap suggests the new code paths for loading context from a file may not be fully exercised — specifically the fallback and error branches added in that PR.

---

📈 Recommendations

1. High — src/cli.ts branch coverage (50%): Add tests for error-handling and signal paths in the CLI entry point. Even a few targeted tests for --invalid-flag, missing required args, and interrupt handling would push branch coverage above 80%.

2. High — src/commands/validators/network-options.ts (66.7% stmt / 50% branch): Add negative-case unit tests: invalid domain format, empty domain list, conflicting --no-proxy/--allow-domains combinations. This is a security validator — all rejection paths should be tested.

3. Medium — src/logs/audit-enricher.ts (83.6% / 74.1%): The file changed in the latest commit (Fix export-audit prompt generation to use agent-job runtime context #4128). Add tests for the new runtime context file loading paths, including the case where the file is missing or malformed.

4. Low — src/cli-options.ts function coverage (25%): Audit whether the 75% of uncovered functions are reachable. If they are live code, add direct unit tests; if they are dead code, consider removal.

---

Generated by test-coverage-reporter workflow · Trigger: push · Commit: fccd944

Generated by Test Coverage Reporter · sonnet46 975.8K · ◷

• expires on Jun 8, 2026, 6:57 PM UTC

[github-actions[bot]]

🔮 The ancient spirits stir; the smoke test agent was here.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

[github-actions[bot]]

🔮 The ancient spirits stir, and the smoke test agent was here.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex