test(lockdown): cover remaining safety branches on top of #3 (83.1% → 98.7%) #5

Merged: israel2606 merged 9 commits into main from claude/test-coverage-analysis-s33ri0 on Jun 11, 2026
israel2606 (Owner) commented Jun 8, 2026

What & why

PR #3 already raised pkg/lockdown coverage to 83.1% via safety_test.go. This PR was originally cut from an older base and overlapped with it; it has been rebased onto main and trimmed to only the complementary tests that cover the branches PR #3 left untouched. Tests live in a separate file (safety_coverage_test.go) to avoid duplicate test symbols.

No production code changes.

Coverage added (on top of main)

Function              main     this PR
getRepoAccessInfo     67.9%    96.4%
queryRepoAccessInfo   93.3%    100%
log                   40%      100%
package total         83.1%    98.7%

What's tested

  • getRepoAccessInfo — the repo-is-cached-but-user-is-unknown path: a pre-seeded user is served without a call, a new user triggers exactly one query and is merged into the existing entry, then is itself cached.
  • queryRepoAccessInfo — GraphQL server-error propagation (distinct from the nil-client guard already covered in safety_test.go).
  • log — the message-emitted path and the below-threshold suppression path (nil-logger early return was already covered).

Reuses the existing newSafetyTestCache helper, repoAccessQuery, and countingTransport.

Verification

go build ./...                 # OK
go vet ./pkg/lockdown/         # clean
go test ./pkg/lockdown/        # all pass (existing + new)
go test ./pkg/lockdown/ -coverprofile=cover.out && go tool cover -func=cover.out  # 98.7%

Note on CI

The build (3.9 / 3.10 / 3.11) jobs are a Python workflow (pytest/flake8) that fails on every PR in this Go repo — pytest collects 0 tests and exits 5. That's a pre-existing repo workflow misconfiguration, unrelated to this change, and worth disabling/fixing separately.

https://claude.ai/code/session_01W9xh1kJCqtHqBgBAMQikon
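
Added example, not the project's code: a minimal Go model of the cache behaviour the description above says is tested (pre-seeded user served without a call, new user on a cached repo costing exactly one query and merged into the existing entry, query errors propagated). `accessCache`, `CanPush`, `newDemoCache` and the stub backend are hypothetical names; lower-casing the keys and not caching failed lookups are assumptions, not behaviour stated on this page.

```go
package main

import (
	"fmt"
	"strings"
)

// accessCache is a hypothetical model: repo key -> user key -> push access.
type accessCache struct {
	repos   map[string]map[string]bool
	query   func(repo, user string) (bool, error) // stands in for the GraphQL call
	Queries int                                   // upstream calls made
}

// CanPush serves known repo+user pairs from cache. A cached repo with an
// unknown user costs exactly one query, merged into the existing entry.
// Errors return false and are never cached, so a failure cannot grant trust.
func (c *accessCache) CanPush(repo, user string) (bool, error) {
	rk, uk := strings.ToLower(repo), strings.ToLower(user)
	if p, known := c.repos[rk][uk]; known {
		return p, nil
	}
	c.Queries++
	p, err := c.query(rk, uk)
	if err != nil {
		return false, fmt.Errorf("repo access query: %w", err)
	}
	if c.repos[rk] == nil {
		c.repos[rk] = map[string]bool{}
	}
	c.repos[rk][uk] = p
	return p, nil
}

// newDemoCache: alice pre-seeded (constructed data); stub grants bob, fails "err*".
func newDemoCache() *accessCache {
	q := func(_, user string) (bool, error) {
		if strings.HasPrefix(user, "err") {
			return false, fmt.Errorf("constructed upstream 500")
		}
		return user == "bob", nil
	}
	seed := map[string]map[string]bool{"octo/repo": {"alice": true}}
	return &accessCache{repos: seed, query: q}
}

func main() {
	fmt.Println(newDemoCache().CanPush("Octo/Repo", "bob"))
}
```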

israel2606 and others added 9 commits April 26, 2026 23:39

This workflow installs Python dependencies, runs tests, and lints code with multiple Python versions.

Document the architecture, build/test workflow, toolset registration
pattern, parameter helpers, error handling conventions, and contribution
flow so AI assistants can act productively in this repo without
re-discovering conventions.

https://claude.ai/code/session_018psjWyFFcz83JXdxBQMUdd

Modular ERP design based on the available connectors:
- Layered stack (data, application, automation, BI, collaboration)
- ERP modules and phased roadmap
- Premium accounts plan with payment priorities

Adds tests for the highest-risk untested code identified during a
coverage analysis:

- pkg/lockdown: IsSafeContent (the content-safety decision gate) and
  isTrustedBot were at 0%. New table-driven tests exercise every branch
  of the safety logic (trusted bot, private repo, viewer-authored,
  push-access tiers, and the deny-by-default path), plus cache reuse,
  query-error propagation, option setters, and cacheKey normalization.
  Package coverage rises from ~52% to ~83%.

- pkg/utils: the tool-result constructors (used by every tool's output)
  were an entirely untested package at 0%; now fully covered.

The consolidated actions_* tools (ActionsGet, ActionsList,
ActionsRunTrigger) dispatch to a set of unexported helpers that were at
0% coverage — the existing Test_* cases only validate the tool schemas,
not these implementations.

Adds direct white-box tests (success + API-error paths) for:
getWorkflowJob, listWorkflowJobs, listWorkflowArtifacts,
downloadWorkflowArtifact, getWorkflowRunLogsURL, getWorkflowRunUsage,
rerunWorkflowRun, rerunFailedJobs, and deleteWorkflowRunLogs. Each helper
now sits at ~78-90%, raising actions.go from ~60% to ~81%.

PR #3 raised pkg/lockdown coverage to 83.1% via safety_test.go. This adds
the branches it left uncovered, in a separate file to avoid duplicate test
symbols:

- getRepoAccessInfo: the repo-cached-but-new-user merge path
- queryRepoAccessInfo: GraphQL server-error propagation
- log: the emit and below-threshold suppression branches

Package coverage 83.1% -> 98.7%. No production code changes.

https://claude.ai/code/session_01W9xh1kJCqtHqBgBAMQikon

israel2606 force-pushed the claude/test-coverage-analysis-s33ri0 branch from 89d1074 to eed328b on June 8, 2026 23:22

israel2606 changed the title from "test(lockdown): cover the content trust boundary (51.9% → 98.7%)" to "test(lockdown): cover remaining safety branches on top of #3 (83.1% → 98.7%)" on Jun 8, 2026

israel2606 merged commit dc17844 into main on Jun 11, 2026
11 of 15 checks passed

israel2606 pushed a commit that referenced this pull request on Jun 11, 2026

Three of four red workflows (golangci-lint, go.yml, go-build.yml) shared
one root cause: pkg/lockdown no longer compiled. The lockdown package was
refactored after PR #5 branched, and the safety_coverage_test.go added by
#5 still referenced the removed API (newSafetyTestCache, the old
queryRepoAccessInfo signature, repoAccessCacheEntry.viewerLogin) — a
semantic conflict git did not catch on merge. lockdown_test.go already
covers the new design, so the obsolete file is removed.

Also remove two broken/redundant workflows:
- python-package.yml: an empty deprecation stub with no jobs, which is an
  invalid workflow and always reports failure.
- go-build.yml: redundant with go.yml (Build and Test Go Project) and built
  on Node20-deprecated actions (setup-go@v4, cache@v3).

go mod tidy -diff, script/test, and go vet all pass.

https://claude.ai/code/session_01W9xh1kJCqtHqBgBAMQikon

israel2606 self-assigned this on Jun 19, 2026