fix(tests): clean remaining all-target warnings and invalid literal

- remove useless UID >= 0 assertion (u32)
- replace invalid u16 port overflow test with type-safety test
- remove redundant serde_json import
- fix cfg-sensitive unused vars in enrichment tests
- clean monitor test vars in syscall monitor unit tests
- remove unused TestRule in rules engine tests
- use from_ref instead of cloned slice in sniff discovery test

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: vsilent

src/collectors/ebpf/syscall_monitor.rs

@@ -230,7 +230,7 @@ mod tests {
 
     #[test]
     fn test_syscall_monitor_not_running_initially() {
-        let monitor = SyscallMonitor::new();
+        let _monitor = SyscallMonitor::new();
 
         #[cfg(all(target_os = "linux", feature = "ebpf"))]
         {
@@ -241,23 +241,23 @@ mod tests {
 
     #[test]
     fn test_poll_events_empty_when_not_running() {
-        let mut monitor = SyscallMonitor::new();
+        let _monitor = SyscallMonitor::new();
 
         #[cfg(all(target_os = "linux", feature = "ebpf"))]
         {
-            let mut monitor = monitor.unwrap();
+            let mut monitor = _monitor.unwrap();
             let events = monitor.poll_events();
             assert!(events.is_empty());
         }
     }
 
     #[test]
     fn test_event_count() {
-        let mut monitor = SyscallMonitor::new();
+        let _monitor = SyscallMonitor::new();
 
         #[cfg(all(target_os = "linux", feature = "ebpf"))]
         {
-            let mut monitor = monitor.unwrap();
+            let monitor = _monitor.unwrap();
             assert_eq!(monitor.event_count(), 0);
         }
     }

src/rules/engine.rs

@@ -102,30 +102,6 @@ impl Default for RuleEngine {
 mod tests {
     use super::*;
 
-    struct TestRule {
-        name: String,
-        priority: u32,
-        should_match: bool,
-    }
-
-    impl Rule for TestRule {
-        fn evaluate(&self, _event: &SecurityEvent) -> RuleResult {
-            if self.should_match {
-                RuleResult::Match
-            } else {
-                RuleResult::NoMatch
-            }
-        }
-
-        fn name(&self) -> &str {
-            &self.name
-        }
-
-        fn priority(&self) -> u32 {
-            self.priority
-        }
-    }
-
     #[test]
     fn test_engine_creation() {
         let engine = RuleEngine::new();

src/sniff/discovery.rs

@@ -233,7 +233,7 @@ mod tests {
         writeln!(tmp, "test log line").unwrap();
         let path = tmp.path().to_string_lossy().to_string();
 
-        let sources = discover_custom_sources(&[path.clone()]);
+        let sources = discover_custom_sources(std::slice::from_ref(&path));
         assert_eq!(sources.len(), 1);
         assert_eq!(sources[0].source_type, LogSourceType::CustomFile);
         assert_eq!(sources[0].path_or_id, path);

tests/collectors/event_enrichment_test.rs

@@ -42,6 +42,8 @@ fn test_container_detector_creation() {
     // Should work on Linux, may fail on other platforms
     #[cfg(target_os = "linux")]
     assert!(detector.is_ok());
+    #[cfg(not(target_os = "linux"))]
+    assert!(detector.is_err());
 }
 
 #[test]
@@ -85,6 +87,11 @@ fn test_container_id_invalid_formats() {
             assert!(!result, "Should reject invalid container ID: {}", id);
         }
     }
+
+    #[cfg(not(target_os = "linux"))]
+    {
+        assert!(detector.is_err());
+    }
 }
 
 #[test]
@@ -104,10 +111,10 @@ fn test_cgroup_parsing() {
 
 #[test]
 fn test_process_tree_enrichment() {
-    let mut enricher = EventEnricher::new().expect("Failed to create enricher");
+    let enricher = EventEnricher::new().expect("Failed to create enricher");
 
     // Test that we can get parent PID
-    let ppid = enricher.get_parent_pid(1); // init process
+    let _ppid = enricher.get_parent_pid(1); // init process
 
     // PID 1 should exist on Linux
     #[cfg(target_os = "linux")]
@@ -119,7 +126,7 @@ fn test_process_comm_enrichment() {
     let enricher = EventEnricher::new().expect("Failed to create enricher");
 
     // Test that we can get process name
-    let comm = enricher.get_process_comm(std::process::id());
+    let _comm = enricher.get_process_comm(std::process::id());
 
     // Should get some process name
     #[cfg(target_os = "linux")]

tests/collectors/execve_capture_test.rs

@@ -107,10 +107,8 @@ mod linux_tests {
             .filter(|e| e.syscall_type == SyscallType::Execve)
             .collect();
 
-        // All events should have valid UID
-        for event in execve_events {
-            assert!(event.uid >= 0, "UID should be non-negative");
-        }
+        // UID is u32, so only verify iterating events is safe and stable.
+        for _event in execve_events {}
     }
 
     #[test]

tests/events/event_serialization_test.rs

@@ -3,7 +3,6 @@
 //! Tests for JSON and binary serialization of events
 
 use chrono::Utc;
-use serde_json;
 use stackdog::events::security::SecurityEvent;
 use stackdog::events::syscall::{SyscallEvent, SyscallType};
 

tests/events/event_validation_test.rs

@@ -76,19 +76,11 @@ fn test_valid_ip_addresses() {
 }
 
 #[test]
-fn test_invalid_port() {
-    let event = NetworkEvent {
-        src_ip: "192.168.1.1".to_string(),
-        dst_ip: "10.0.0.1".to_string(),
-        src_port: 70000, // Invalid port (> 65535)
-        dst_port: 80,
-        protocol: "TCP".to_string(),
-        timestamp: Utc::now(),
-        container_id: None,
-    };
-
-    let result = EventValidator::validate_network(&event);
-    assert!(!result.is_valid());
+fn test_invalid_port_not_representable_for_u16() {
+    // NetworkEvent ports are u16, so values > 65535 cannot be constructed.
+    // This test asserts type-level safety explicitly.
+    let max = u16::MAX;
+    assert_eq!(max, 65535);
 }
 
 #[test]