docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-102456.md

# 2026-03-28 Q-004 Coverage Remediation Pass 12

## Scope

- Continue strict `Q-004` closure work after Pass 11.
- Fully close the remaining low-coverage `frontend/admin/src/lib/http/client.ts` module before moving to the next task.
- Re-verify closure through targeted tests plus full frontend validation.

## Changes

### Frontend

- Extended module coverage in:
  - `frontend/admin/src/lib/http/client.test.ts`
- Newly covered behavior includes:
  - business-error refresh rejection and session cleanup
  - request retry during an already in-flight refresh
  - failed shared-refresh retry when no access token remains
  - caller-provided `AbortSignal` propagation
  - download retry path that still ends in `401`
- Hardened refresh hygiene in:
  - `frontend/admin/src/lib/http/client.ts`
- Production code change:
  - the cached shared refresh promise is now stored as a non-rejecting waiter promise
  - this keeps concurrent waiters working while avoiding an unhandled rejected promise when refresh fails

### Backend

- No backend code changes were required in this pass.

## Verified Commands

```powershell
cd D:\project\frontend\admin
npm.cmd run test:run -- src/lib/http/client.test.ts
npm.cmd run lint
npm.cmd run build
npm.cmd run test:coverage
```

## Results

### Frontend coverage

- Overall:
  - statements `83.86%`
  - branches `72.68%`
  - functions `79.87%`
  - lines `84.72%`
- Target areas:
  - `src/lib/http/client.ts`: statements `100%`, branches `92.30%`, functions `100%`, lines `100%`
  - `src/lib/http/csrf.ts`: statements `100%`, branches `88.46%`, functions `100%`, lines `100%`
  - `src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.tsx`: statements `70.17%`, branches `48.97%`, functions `67.92%`, lines `70.40%`

## Validation Notes

- Frontend full coverage now completes with `42` passing test files and `193` passing tests.
- The required sequential frontend validation path passed:
  - `test:run -- src/lib/http/client.test.ts`
  - `lint`
  - `build`
  - `test:coverage`
- The successful frontend coverage run still emits one post-summary jsdom `AggregateError` network-noise line.
  - It does not fail the command.
  - It remains a real validation-hygiene issue and should continue to be tracked honestly.

## Real Conclusion

- `src/lib/http/client.ts` is no longer an open `Q-004` gap.
- The `lib/http` hotspot is now closure-grade for the targeted modules covered in this pass.
- `Q-004` still cannot be honestly declared closed.
- The remaining highest-value frontend gap is now more concentrated in:
  - deeper remaining `ProfileSecurityPage` branches
  - the post-summary jsdom `AggregateError` coverage-noise hygiene issue
docs: project docs, scripts, deployment configs, and evidence 2026-04-02 11:22:17 +08:00			`# 2026-03-28 Q-004 Coverage Remediation Pass 12`

			`## Scope`

			- Continue strict `Q-004` closure work after Pass 11.
			- Fully close the remaining low-coverage `frontend/admin/src/lib/http/client.ts` module before moving to the next task.
			`- Re-verify closure through targeted tests plus full frontend validation.`

			`## Changes`

			`### Frontend`

			`- Extended module coverage in:`
			- `frontend/admin/src/lib/http/client.test.ts`
			`- Newly covered behavior includes:`
			`- business-error refresh rejection and session cleanup`
			`- request retry during an already in-flight refresh`
			`- failed shared-refresh retry when no access token remains`
			- caller-provided `AbortSignal` propagation
			- download retry path that still ends in `401`
			`- Hardened refresh hygiene in:`
			- `frontend/admin/src/lib/http/client.ts`
			`- Production code change:`
			`- the cached shared refresh promise is now stored as a non-rejecting waiter promise`
			`- this keeps concurrent waiters working while avoiding an unhandled rejected promise when refresh fails`

			`### Backend`

			`- No backend code changes were required in this pass.`

			`## Verified Commands`

			```powershell
			`cd D:\project\frontend\admin`
			`npm.cmd run test:run -- src/lib/http/client.test.ts`
			`npm.cmd run lint`
			`npm.cmd run build`
			`npm.cmd run test:coverage`
			```

			`## Results`

			`### Frontend coverage`

			`- Overall:`
			- statements `83.86%`
			- branches `72.68%`
			- functions `79.87%`
			- lines `84.72%`
			`- Target areas:`
			- `src/lib/http/client.ts`: statements `100%`, branches `92.30%`, functions `100%`, lines `100%`
			- `src/lib/http/csrf.ts`: statements `100%`, branches `88.46%`, functions `100%`, lines `100%`
			- `src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.tsx`: statements `70.17%`, branches `48.97%`, functions `67.92%`, lines `70.40%`

			`## Validation Notes`

			- Frontend full coverage now completes with `42` passing test files and `193` passing tests.
			`- The required sequential frontend validation path passed:`
			- `test:run -- src/lib/http/client.test.ts`
			- `lint`
			- `build`
			- `test:coverage`
			- The successful frontend coverage run still emits one post-summary jsdom `AggregateError` network-noise line.
			`- It does not fail the command.`
			`- It remains a real validation-hygiene issue and should continue to be tracked honestly.`

			`## Real Conclusion`

			- `src/lib/http/client.ts` is no longer an open `Q-004` gap.
			- The `lib/http` hotspot is now closure-grade for the targeted modules covered in this pass.
			- `Q-004` still cannot be honestly declared closed.
			`- The remaining highest-value frontend gap is now more concentrated in:`
			- deeper remaining `ProfileSecurityPage` branches
			- the post-summary jsdom `AggregateError` coverage-noise hygiene issue