docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-221835.md

# 2026-03-27 Q-004 Coverage Remediation Pass 3

## Scope

- Continue remediating `Q-004 自动化覆盖率不足`.
- This pass stayed on the remaining real gaps instead of moving to `Q-005`.
- Focus areas:
  - Frontend `UsersPage`
  - Frontend deeper `ProfileSecurityPage` action branches
  - Backend `internal/repository`
  - Backend `internal/auth/providers`

## Changes

### Frontend

- Added page-level regression tests for:
  - `frontend/admin/src/pages/admin/UsersPage/UsersPage.test.tsx`
  - `frontend/admin/src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.behavior.test.tsx`
- Newly covered user-facing branches include:
  - `UsersPage`
    - initial load
    - keyword filter and reset
    - refresh
    - create/detail/edit/assign-role overlay flows
    - self-delete guard
    - all status transition branches (`1 -> 3`, `3 -> 1`, `2 -> 1`, `0 -> 1`)
    - role-fetch failure
    - page error retry
  - `ProfileSecurityPage`
    - TOTP setup open
    - enable validation and success path
    - disable validation and success path
    - avatar type and size validation
    - valid avatar upload success path
    - device enable/disable/delete flows

### Backend

- Added repository regression tests in:
  - `internal/repository/repository_additional_test.go`
- Added provider non-network coverage in:
  - `internal/auth/providers/provider_urls_additional_test.go`
- Fixed one real repository defect in:
  - `internal/repository/device.go`
  - explicit `status=0` on device create was being swallowed by the DB default, causing inactive devices to persist as active

## Verified Commands

```powershell
cd D:\project\frontend\admin
npm.cmd run test:run -- src/pages/admin/UsersPage/UsersPage.test.tsx src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.behavior.test.tsx
npm.cmd run lint
npm.cmd run build
npm.cmd run test:coverage

cd D:\project
$env:GOCACHE='D:\project\.tmp\gocache'
$env:GOPATH='D:\project\.tmp\go'
$env:GOMODCACHE='D:\project\.tmp\go\pkg\mod'
go test ./internal/repository ./internal/auth/providers -count=1
go test ./internal/auth/providers ./internal/repository -cover
go test ./... -count=1
go vet ./...
go build ./cmd/server
```

## Results

### Frontend coverage

- Overall:
  - statements `49.18%`
  - branches `42.86%`
  - functions `44.92%`
  - lines `49.79%`
- Target modules:
  - `src/pages/admin/UsersPage/UsersPage.tsx`: `90.98%` statements, `68.75%` branches
  - `src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.tsx`: `70.17%` statements, `48.97%` branches
  - `src/pages/admin/ProfileSecurityPage/ContactBindingsSection.tsx`: `85.29%` statements
  - `src/pages/admin/WebhooksPage/WebhooksPage.tsx`: `93.15%`
  - `src/pages/admin/ImportExportPage/ImportExportPage.tsx`: `83.58%`

### Backend coverage

- `internal/repository`: `37.1%`
- `internal/auth/providers`: `8.5%`

## Real Conclusion

- This pass materially reduced the previously explicit `UsersPage` and `ProfileSecurityPage` gaps.
- It also exposed and closed a real persistence bug in `DeviceRepository.Create`.
- `Q-004` has improved again, but it still cannot be honestly declared closed.
- The main remaining gaps are still:
  - low-coverage frontend service layers and multiple untouched admin pages
  - deeper `internal/auth/providers` non-network parsing/error paths
  - the rest of `internal/repository` beyond the newly covered device/login-log/password-history/operation-log paths
docs: project docs, scripts, deployment configs, and evidence 2026-04-02 11:22:17 +08:00			`# 2026-03-27 Q-004 Coverage Remediation Pass 3`

			`## Scope`

			- Continue remediating `Q-004 自动化覆盖率不足`.
			- This pass stayed on the remaining real gaps instead of moving to `Q-005`.
			`- Focus areas:`
			- Frontend `UsersPage`
			- Frontend deeper `ProfileSecurityPage` action branches
			- Backend `internal/repository`
			- Backend `internal/auth/providers`

			`## Changes`

			`### Frontend`

			`- Added page-level regression tests for:`
			- `frontend/admin/src/pages/admin/UsersPage/UsersPage.test.tsx`
			- `frontend/admin/src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.behavior.test.tsx`
			`- Newly covered user-facing branches include:`
			- `UsersPage`
			`- initial load`
			`- keyword filter and reset`
			`- refresh`
			`- create/detail/edit/assign-role overlay flows`
			`- self-delete guard`
			- all status transition branches (`1 -> 3`, `3 -> 1`, `2 -> 1`, `0 -> 1`)
			`- role-fetch failure`
			`- page error retry`
			- `ProfileSecurityPage`
			`- TOTP setup open`
			`- enable validation and success path`
			`- disable validation and success path`
			`- avatar type and size validation`
			`- valid avatar upload success path`
			`- device enable/disable/delete flows`

			`### Backend`

			`- Added repository regression tests in:`
			- `internal/repository/repository_additional_test.go`
			`- Added provider non-network coverage in:`
			- `internal/auth/providers/provider_urls_additional_test.go`
			`- Fixed one real repository defect in:`
			- `internal/repository/device.go`
			- explicit `status=0` on device create was being swallowed by the DB default, causing inactive devices to persist as active

			`## Verified Commands`

			```powershell
			`cd D:\project\frontend\admin`
			`npm.cmd run test:run -- src/pages/admin/UsersPage/UsersPage.test.tsx src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.behavior.test.tsx`
			`npm.cmd run lint`
			`npm.cmd run build`
			`npm.cmd run test:coverage`

			`cd D:\project`
			`$env:GOCACHE='D:\project\.tmp\gocache'`
			`$env:GOPATH='D:\project\.tmp\go'`
			`$env:GOMODCACHE='D:\project\.tmp\go\pkg\mod'`
			`go test ./internal/repository ./internal/auth/providers -count=1`
			`go test ./internal/auth/providers ./internal/repository -cover`
			`go test ./... -count=1`
			`go vet ./...`
			`go build ./cmd/server`
			```

			`## Results`

			`### Frontend coverage`

			`- Overall:`
			- statements `49.18%`
			- branches `42.86%`
			- functions `44.92%`
			- lines `49.79%`
			`- Target modules:`
			- `src/pages/admin/UsersPage/UsersPage.tsx`: `90.98%` statements, `68.75%` branches
			- `src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.tsx`: `70.17%` statements, `48.97%` branches
			- `src/pages/admin/ProfileSecurityPage/ContactBindingsSection.tsx`: `85.29%` statements
			- `src/pages/admin/WebhooksPage/WebhooksPage.tsx`: `93.15%`
			- `src/pages/admin/ImportExportPage/ImportExportPage.tsx`: `83.58%`

			`### Backend coverage`

			- `internal/repository`: `37.1%`
			- `internal/auth/providers`: `8.5%`

			`## Real Conclusion`

			- This pass materially reduced the previously explicit `UsersPage` and `ProfileSecurityPage` gaps.
			- It also exposed and closed a real persistence bug in `DeviceRepository.Create`.
			- `Q-004` has improved again, but it still cannot be honestly declared closed.
			`- The main remaining gaps are still:`
			`- low-coverage frontend service layers and multiple untouched admin pages`
			- deeper `internal/auth/providers` non-network parsing/error paths
			- the rest of `internal/repository` beyond the newly covered device/login-log/password-history/operation-log paths