docs: project docs, scripts, deployment configs, and evidence

docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-212336.md

@@ -0,0 +1,80 @@
+# 2026-03-27 Q-004 Coverage Remediation
+
+## Scope
+
+- Objective: continue remediating `Q-004 自动化覆盖率不足，回归安全网偏薄`.
+- This round focused on the highest-value low-coverage areas identified in the audit:
+  - Frontend: `router`, auth guards, `AdminLayout`, `ImportExportPage`
+  - Backend: `internal/database`, `internal/auth/providers`
+
+## Changes
+
+### Frontend
+
+- Added route and guard regression tests:
+  - `frontend/admin/src/app/router.test.tsx`
+  - `frontend/admin/src/components/guards/guards.test.tsx`
+- Added navigation and permission-surface tests:
+  - `frontend/admin/src/layouts/AdminLayout/AdminLayout.test.tsx`
+- Added import/export product-flow tests:
+  - `frontend/admin/src/pages/admin/ImportExportPage/ImportExportPage.test.tsx`
+- Tightened the new router test so it passes both `vitest` and `tsc -b`.
+
+### Backend
+
+- Added database bootstrap and upgrade-path coverage:
+  - `internal/database/db_test.go`
+- Added provider auth URL/state coverage without live-network dependency:
+  - `internal/auth/providers/provider_urls_test.go`
+- Fixed Windows-specific SQLite test cleanup by explicitly closing the underlying `sql.DB` handle in `db_test.go`.
+- Removed an invalid provider test that attempted to hit the real Google endpoint during unit test execution.
+
+## Verified Commands
+
+```powershell
+cd D:\project\frontend\admin
+npm.cmd run test:run -- src/components/guards/guards.test.tsx src/app/router.test.tsx src/layouts/AdminLayout/AdminLayout.test.tsx src/pages/admin/ImportExportPage/ImportExportPage.test.tsx
+npm.cmd run lint
+npm.cmd run build
+npm.cmd run test:coverage
+
+cd D:\project
+go test ./internal/database ./internal/auth/providers -count=1
+go test ./... -count=1
+go vet ./...
+go test ./internal/auth/providers ./internal/database ./internal/repository -cover
+```
+
+## Results
+
+### Frontend coverage
+
+- Overall:
+  - statements `37.09%`
+  - branches `35.91%`
+  - functions `30.30%`
+  - lines `37.40%`
+- Target modules:
+  - `src/app/router.tsx`: `47.72%` statements
+  - `src/components/guards/RequireAuth.tsx`: `100%`
+  - `src/components/guards/RequireAdmin.tsx`: `100%`
+  - `src/layouts/AdminLayout/AdminLayout.tsx`: `80.00%`
+  - `src/pages/admin/ImportExportPage/ImportExportPage.tsx`: `83.58%`
+
+### Backend coverage
+
+- `internal/database`: `83.2%`
+- `internal/auth/providers`: `4.0%`
+- `internal/repository`: `10.5%`
+
+## Real Conclusion
+
+- This round materially improves the regression net around routing, auth gating, admin navigation, import/export flows, and database bootstrap behavior.
+- `Q-004` is improved but not fully closed.
+- The real remaining coverage gaps are now concentrated in:
+  - Frontend: `UsersPage`, `WebhooksPage`, large parts of `ProfileSecurityPage`, and several service/http branches
+  - Backend: `internal/repository` and deeper `internal/auth/providers` token-validation/error branches
+- Based on the current state, the next open remediation priority remains:
+  1. continue `Q-004` depth expansion
+  2. then `Q-005` dev toolchain SCA cleanup
+  3. then `Q-006` external alert delivery evidence closure