Skip to content

test(web): achieve 80% API route coverage with CI enforcement#4

Open
pauljacobb wants to merge 1 commit into
mainfrom
test/325-api-coverage-80
Open

test(web): achieve 80% API route coverage with CI enforcement#4
pauljacobb wants to merge 1 commit into
mainfrom
test/325-api-coverage-80

Conversation

@pauljacobb

Copy link
Copy Markdown
Owner

Summary

Adds missing API route tests and enforces an 80% coverage threshold in CI with Codecov upload.

Changes

  • src/app/api/certificates/route.test.ts — new: happy path, DB error, pagination, cursor, field normalization
  • src/app/api/meters/route.test.ts — added GET tests (list + DB error path)
  • src/app/api/ready/route.test.ts — new: healthy and degraded states
  • vitest.config.ts — added lcov reporter + 80% thresholds on lines/functions/branches/statements
  • .github/workflows/ci.yml — run vitest --coverage and upload lcov.info to Codecov

Acceptance criteria

  • Coverage measured with vitest --coverage
  • All API routes have at least one happy-path test
  • Error paths (DB failure, invalid input) tested
  • Coverage threshold enforced in CI (minimum 80%)
  • Coverage report uploaded to Codecov

Closes AnnabelJoe#325

…nabelJoe#325)

- certificates/route.test.ts: happy path, DB error, pagination, cursor,
  field normalization (readings join flattened to meter_id)
- meters/route.test.ts: add GET tests (list + DB error)
- ready/route.test.ts: healthy and degraded states
- vitest.config.ts: add lcov reporter + 80% threshold on lines/functions/
  branches/statements
- ci.yml: run vitest --coverage and upload lcov to Codecov

Closes AnnabelJoe#325
@github-actions

Copy link
Copy Markdown

✅ pnpm audit

4 vulnerabilities found
Severity: 4 moderate

@github-actions

Copy link
Copy Markdown

🔍 Vercel Preview Deployment

URL: Learn More: https://err.sh/vercel/no-credentials-found

Uses Stellar testnet contract addresses.

readings: { meter_id: 'meter-1' },
}

function mockDb(data: unknown[], error: unknown = null, count = 1) {
@github-actions

Copy link
Copy Markdown

✅ cargo audit

�[1m�[32m    Updating�[0m crates.io index
�[1m�[32m     Locking�[0m 188 packages to latest compatible versions
�[1m�[36m      Adding�[0m arbitrary v1.3.2 �[1m�[33m(available: v1.4.2)�[0m
�[1m�[36m      Adding�[0m crypto-common v0.1.6 �[1m�[33m(available: v0.1.7)�[0m
�[1m�[36m      Adding�[0m derive_arbitrary v1.3.2 �[1m�[33m(available: v1.4.2)�[0m
�[1m�[36m      Adding�[0m soroban-builtin-sdk-macros v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-common v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-guest v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-host v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-macros v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-sdk v23.5.3 �[1m�[33m(available: v25.3.0)�[0m
�[0m�[0m�[1m�[32m    Fetching�[0m advisory database from `https://github.com/RustSec/advisory-db.git`
�[0m�[0m�[1m�[32m      Loaded�[0m 1099 security advisories (from /home/runner/.cargo/advisory-db)
�[0m�[0m�[1m�[32m    Updating�[0m crates.io index
�[0m�[0m�[1m�[32m    Scanning�[0m Cargo.lock for vulnerabilities (192 crate dependencies)
�[0m�[0m�[1m�[33mCrate:    �[0m derivative
�[0m�[0m�[1m�[33mVersion:  �[0m 2.2.0
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m `derivative` is unmaintained; consider using an alternative
�[0m�[0m�[1m�[33mDate:     �[0m 2024-06-26
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0388
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0388
�[0m�[0m�[1m�[33mDependency tree:
�[0mderivative 2.2.0
├── ark-poly 0.4.2
│   └── ark-ec 0.4.2
│       ├── soroban-env-host 23.0.1
│       │   ├── soroban-sdk 23.5.3
│       │   │   ├── multisig-admin 1.0.0
│       │   │   ├── energy-token 1.0.0
│       │   │   ├── community-governance 1.0.0
│       │   │   └── audit-registry 1.0.0
│       │   └── soroban-ledger-snapshot 23.5.3
│       │       └── soroban-sdk 23.5.3
│       └── ark-bls12-381 0.4.0
│           └── soroban-env-host 23.0.1
├── ark-ff 0.4.2
│   ├── soroban-env-host 23.0.1
│   ├── ark-poly 0.4.2
│   ├── ark-ec 0.4.2
│   └── ark-bls12-381 0.4.0
└── ark-ec 0.4.2

�[0m�[0m�[1m�[33mCrate:    �[0m paste
�[0m�[0m�[1m�[33mVersion:  �[0m 1.0.15
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m paste - no longer maintained
�[0m�[0m�[1m�[33mDate:     �[0m 2024-10-07
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mDependency tree:
�[0mpaste 1.0.15
├── wasmi_core 0.13.0
│   └── soroban-wasmi 0.31.1-soroban.20.0.1
│       ├── soroban-env-host 23.0.1
│       │   ├── soroban-sdk 23.5.3
│       │   │   ├── multisig-admin 1.0.0
│       │   │   ├── energy-token 1.0.0
│       │   │   ├── community-governance 1.0.0
│       │   │   └── audit-registry 1.0.0
│       │   └── soroban-ledger-snapshot 23.5.3
│       │       └── soroban-sdk 23.5.3
│       └── soroban-env-common 23.0.1
│           ├── soroban-sdk-macros 23.5.3
│           │   └── soroban-sdk 23.5.3
│           ├── soroban-ledger-snapshot 23.5.3
│           ├── soroban-env-host 23.0.1
│           └── soroban-env-guest 23.0.1
│               └── soroban-sdk 23.5.3
└── ark-ff 0.4.2
    ├── soroban-env-host 23.0.1
    ├── ark-poly 0.4.2
    │   └── ark-ec 0.4.2
    │       ├── soroban-env-host 23.0.1
    │       └── ark-bls12-381 0.4.0
    │           └── soroban-env-host 23.0.1
    ├── ark-ec 0.4.2
    └── ark-bls12-381 0.4.0

�[0m�[0m�[1m�[33mwarning:�[0m 2 allowed warnings found

AnnabelJoe pushed a commit that referenced this pull request Jun 3, 2026
- buildIRecXml() in src/lib/irec-xml.ts maps certificate fields to
  I-REC Standard v3 XML including on-chain AnchorProof extension
- GET /api/certificates/:id/irec-export returns XML with
  Content-Disposition: attachment for direct download
- v1 redirect at /api/v1/certificates/:id/irec-export
- I-REC export button added to certificates dashboard table
- XML escaping prevents injection via certificate/meter data
AnnabelJoe pushed a commit that referenced this pull request Jun 27, 2026
## [1.16.0](AnnabelJoe/solarproof@v1.15.0...v1.16.0) (2026-06-08)

### Features

* add bulk certificate retirement API and UI ([AnnabelJoe#347](AnnabelJoe#347)) ([196ab0c](AnnabelJoe@196ab0c))
* add GET/DELETE /api/meters/:id with admin auth ([AnnabelJoe#269](AnnabelJoe#269)) ([444a447](AnnabelJoe@444a447))
* add input validation and sanitization to all API endpoints ([AnnabelJoe#338](AnnabelJoe#338)) ([964d4b8](AnnabelJoe@964d4b8))
* add loading skeletons for async data fetches ([AnnabelJoe#255](AnnabelJoe#255)) ([3fc2fcd](AnnabelJoe@3fc2fcd))
* add pentest scope and report placeholder ([AnnabelJoe#342](AnnabelJoe#342)) ([d27703e](AnnabelJoe@d27703e))
* add public v1 verify API and OpenAPI spec ([AnnabelJoe#352](AnnabelJoe#352)) ([71dc4a9](AnnabelJoe@71dc4a9))
* admin interface and fractional kWh support ([49bd5fe](AnnabelJoe@49bd5fe))
* **api:** versioning — 301 redirects from /api/* to /api/v1/*, API-Version header ([fa8bf84](AnnabelJoe@fa8bf84))
* **auth:** configure token expiry, rotation, and revocation list ([d4117a7](AnnabelJoe@d4117a7))
* build analytics dashboard for energy generation statistics ([AnnabelJoe#350](AnnabelJoe#350)) ([971c19c](AnnabelJoe@971c19c))
* certificate transfer endpoint and UI ([#1](AnnabelJoe#1)) ([477a577](AnnabelJoe@477a577))
* **ci:** Docker image scanning with Trivy — block on CRITICAL CVEs ([164dbc7](AnnabelJoe@164dbc7))
* **contracts:** add upgrade timelock tests for community_governance ([AnnabelJoe#284](AnnabelJoe#284)) ([79f5662](AnnabelJoe@79f5662))
* **crypto:** add verifyReadingSignature and 100% unit test coverage ([2b79205](AnnabelJoe@2b79205))
* **db:** add perf indexes on readings, certificates, audit_anchors ([7e37584](AnnabelJoe@7e37584))
* **e2e:** add Playwright tests for dashboard, certificate detail, and public verifier ([1ecf24e](AnnabelJoe@1ecf24e))
* enable Turborepo remote caching for all CI steps ([AnnabelJoe#297](AnnabelJoe#297)) ([9385ff4](AnnabelJoe@9385ff4))
* **governance:** add proposed_action field to create proposal form ([515ed8d](AnnabelJoe@515ed8d))
* **governance:** configurable quorum/threshold with admin guard and edge-case tests ([ecda905](AnnabelJoe@ecda905))
* I-REC XML export for certificates ([#4](AnnabelJoe#4)) ([232bf4a](AnnabelJoe@232bf4a))
* implement BullMQ+Redis async job queue for Stellar tx ([AnnabelJoe#272](AnnabelJoe#272)) ([a4b425c](AnnabelJoe@a4b425c))
* implement certificate retirement API endpoint ([AnnabelJoe#270](AnnabelJoe#270)) ([861bcce](AnnabelJoe@861bcce))
* implement cooperative multi-meter management ([AnnabelJoe#351](AnnabelJoe#351)) ([640d0b9](AnnabelJoe@640d0b9))
* implement meter key revocation mechanism ([AnnabelJoe#339](AnnabelJoe#339)) ([ce90af9](AnnabelJoe@ce90af9))
* implement webhook notifications for certificate lifecycle events ([AnnabelJoe#353](AnnabelJoe#353)) ([4205191](AnnabelJoe@4205191))
* **load-test:** add k6 baseline + breakpoint scenarios, p95<500ms threshold ([f019ccc](AnnabelJoe@f019ccc))
* mock Freighter wallet for CI testing ([#2](AnnabelJoe#2)) ([325b565](AnnabelJoe@325b565))
* **notifications:** email alerts for mint, retire, and mint failure ([AnnabelJoe#140](AnnabelJoe#140)) ([7ce4a12](AnnabelJoe@7ce4a12))
* **security:** add HTTP security headers ([AnnabelJoe#129](AnnabelJoe#129)) ([944c5b9](AnnabelJoe@944c5b9))
* **security:** add RLS policies for multi-tenant isolation ([AnnabelJoe#274](AnnabelJoe#274)) ([9b2ce49](AnnabelJoe@9b2ce49))
* **security:** API key auth for meter submissions ([AnnabelJoe#131](AnnabelJoe#131)) ([a437a9b](AnnabelJoe@a437a9b))
* **security:** HTTPS redirect and HSTS headers ([45c9c81](AnnabelJoe@45c9c81))
* **security:** restrict Supabase service role key usage ([AnnabelJoe#134](AnnabelJoe#134)) ([037e825](AnnabelJoe@037e825))
* staging environment deployment pipeline ([AnnabelJoe#295](AnnabelJoe#295)) ([8169df0](AnnabelJoe@8169df0))
* support fractional kWh tokens with 3 decimal places ([84ee9a6](AnnabelJoe@84ee9a6)), closes [AnnabelJoe#354](AnnabelJoe#354)
* **testing:** add mutation testing for Rust contracts and TS utilities ([AnnabelJoe#331](AnnabelJoe#331)) ([29135d5](AnnabelJoe@29135d5))
* **web:** real-time energy chart with WebSocket + polling fallback ([AnnabelJoe#260](AnnabelJoe#260)) ([7881a7e](AnnabelJoe@7881a7e))

### Bug Fixes

* **ci:** add dependency license compliance check ([AnnabelJoe#344](AnnabelJoe#344)) ([ab4b39e](AnnabelJoe@ab4b39e))
* resolve conflicts, reconcile retirement model, and fix tests ([a0d4332](AnnabelJoe@a0d4332))
* resolve JSX parse errors in dashboard and verify pages ([a1ec4b7](AnnabelJoe@a1ec4b7))
* resolve residual merge conflict markers ([1c8b371](AnnabelJoe@1c8b371))
* resolve workspace compilation and type errors ([042221a](AnnabelJoe@042221a))
* **security:** add security headers to all HTTP responses ([AnnabelJoe#340](AnnabelJoe#340)) ([1d6db6b](AnnabelJoe@1d6db6b))
* **security:** implement audit logging for sensitive operations ([AnnabelJoe#341](AnnabelJoe#341)) ([34d0971](AnnabelJoe@34d0971))
* **security:** implement CSP headers for Next.js web app ([AnnabelJoe#333](AnnabelJoe#333)) ([2834203](AnnabelJoe@2834203))

### Documentation

* add hardware meter integration guide ([AnnabelJoe#320](AnnabelJoe#320)) ([f5c4b3e](AnnabelJoe@f5c4b3e))
* add inline comments and required/optional markers to .env.example ([AnnabelJoe#318](AnnabelJoe#318)) ([92ea4da](AnnabelJoe@92ea4da))
* add mainnet deployment process and checklist to deployments.md ([AnnabelJoe#285](AnnabelJoe#285)) ([c08ad58](AnnabelJoe@c08ad58))
* add operational runbooks ([AnnabelJoe#315](AnnabelJoe#315)) ([2638a9f](AnnabelJoe@2638a9f))
* add OWASP Top 10 security review and remediate misconfiguration ([AnnabelJoe#334](AnnabelJoe#334)) ([092e901](AnnabelJoe@092e901))
* add SECRETS.md — centralized secrets management guide ([AnnabelJoe#289](AnnabelJoe#289)) ([90eed76](AnnabelJoe@90eed76))
* add Stellar mainnet deployment checklist and go-live plan ([120d730](AnnabelJoe@120d730)), closes [AnnabelJoe#142](AnnabelJoe#142)
* add user guide for web dashboard (closes [AnnabelJoe#317](AnnabelJoe#317)) ([eb1a425](AnnabelJoe@eb1a425))
* **audit:** add security audit engagement tracking and remediation policy ([bca11a2](AnnabelJoe@bca11a2))
* **contracts:** add/enhance Rust doc comments on all public functions ([AnnabelJoe#319](AnnabelJoe#319)) ([18c472a](AnnabelJoe@18c472a))
* create SECURITY.md with vulnerability disclosure policy ([AnnabelJoe#314](AnnabelJoe#314)) ([7698660](AnnabelJoe@7698660))
* **performance:** ensure load test baseline + breaking point documentation ([9a0056a](AnnabelJoe@9a0056a))
* standardize CHANGELOG.md and update PR template [AnnabelJoe#312](AnnabelJoe#312) ([8281f08](AnnabelJoe@8281f08))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Achieve 80% test coverage across the Next.js API routes

2 participants