Commit 1699231
authored
[test-improver] Improve tests for guard Registry.HasNonNoopGuard (#3158)
# Test Improvements: `internal/guard/guard_test.go`
## File Analyzed
- **Test File**: `internal/guard/guard_test.go`
- **Package**: `internal/guard`
- **Lines of Code**: 802 → 847 (+45 lines)
## Improvements Made
### 1. Increased Coverage — Direct Tests for `Registry.HasNonNoopGuard`
**Problem**: The `HasNonNoopGuard` method in
`internal/guard/registry.go` was called from
`internal/server/unified.go` to determine whether DIFC should be
auto-enabled:
```go
// server/unified.go line 170
if !us.enableDIFC && (us.guardRegistry.HasNonNoopGuard() || ...) {
```
Despite being a meaningful predicate used in server startup logic,
`HasNonNoopGuard` had **no dedicated unit tests** in `guard_test.go`.
All other `Registry` methods (`Register`, `Get`, `Has`, `List`,
`Remove`, `GetGuardInfo`) had explicit subtests — `HasNonNoopGuard` was
the only gap.
### 2. New Test: `TestGuardRegistry_HasNonNoopGuard`
Added 6 subtests covering all branches of the `HasNonNoopGuard` method:
- ✅ **empty registry returns false** — verifies base case
- ✅ **only noop guards returns false** — verifies multiple noop guards
don't trigger true
- ✅ **one non-noop guard returns true** — verifies detection of a single
non-noop guard
- ✅ **mix of noop and non-noop returns true** — verifies any non-noop
triggers true
- ✅ **removing non-noop guard makes it return false** — verifies dynamic
removal
- ✅ **replacing non-noop with noop returns false** — verifies guard
replacement
The tests reuse the existing `mockGuard` helper and follow the
established subtest patterns throughout the file (consistent with
`TestGuardRegistry`).
### 3. Cleaner & More Stable Tests
- ✅ Each subtest uses its own fresh `NewRegistry()` — fully isolated, no
shared state
- ✅ Uses `assert.True`/`assert.False` for clear, readable assertions
- ✅ Tests the state _before_ and _after_ mutations (remove/replace) to
validate dynamic behaviour
- ✅ Follows the existing file style exactly — no new imports needed
## Why These Changes?
`HasNonNoopGuard` is the sentinel used by the server to auto-activate
DIFC when a non-trivial guard is registered. A regression in this
predicate (e.g., always returning `false`) would silently disable DIFC
enforcement at startup — a security-relevant failure. Despite the rest
of the Registry API being well-tested, this method was the only gap.
---
*Generated by Test Improver Workflow*
*Focuses on better patterns, increased coverage, and more stable tests*
> Generated by [Test
Improver](https://github.com/github/gh-aw-mcpg/actions/runs/23977968757/agentic_workflow)
·
[◷](https://github.com/search?q=repo%3Agithub%2Fgh-aw-mcpg+%22gh-aw-workflow-id%3A+test-improver%22&type=pullrequests)
<!-- gh-aw-agentic-workflow: Test Improver, engine: copilot, model:
auto, id: 23977968757, workflow_id: test-improver, run:
https://github.com/github/gh-aw-mcpg/actions/runs/23977968757 -->
<!-- gh-aw-workflow-id: test-improver -->1 file changed
Lines changed: 45 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
405 | 405 | | |
406 | 406 | | |
407 | 407 | | |
| 408 | + | |
| 409 | + | |
| 410 | + | |
| 411 | + | |
| 412 | + | |
| 413 | + | |
| 414 | + | |
| 415 | + | |
| 416 | + | |
| 417 | + | |
| 418 | + | |
| 419 | + | |
| 420 | + | |
| 421 | + | |
| 422 | + | |
| 423 | + | |
| 424 | + | |
| 425 | + | |
| 426 | + | |
| 427 | + | |
| 428 | + | |
| 429 | + | |
| 430 | + | |
| 431 | + | |
| 432 | + | |
| 433 | + | |
| 434 | + | |
| 435 | + | |
| 436 | + | |
| 437 | + | |
| 438 | + | |
| 439 | + | |
| 440 | + | |
| 441 | + | |
| 442 | + | |
| 443 | + | |
| 444 | + | |
| 445 | + | |
| 446 | + | |
| 447 | + | |
| 448 | + | |
| 449 | + | |
| 450 | + | |
| 451 | + | |
| 452 | + | |
408 | 453 | | |
409 | 454 | | |
410 | 455 | | |
| |||
0 commit comments