user-system/docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-003416.md

2026-03-28 Q-004 Coverage Remediation Pass 6

Scope

• Continue remediating the remaining real Q-004 gaps after Pass 5.
• This pass focused on:
  • fully closing the remaining internal/auth/providers depth gap
  • closing still-uncovered admin page clusters:
    • RolesPage
    • PermissionsPage
    • ProfilePage

Changes

Frontend

• Added page and modal coverage in:
  • frontend/admin/src/pages/admin/RolesPage/RolesPage.test.tsx
  • frontend/admin/src/pages/admin/RolesPage/RoleFormModal.test.tsx
  • frontend/admin/src/pages/admin/RolesPage/RolePermissionsModal.test.tsx
  • frontend/admin/src/pages/admin/PermissionsPage/PermissionsPage.test.tsx
  • frontend/admin/src/pages/admin/PermissionsPage/PermissionFormModal.test.tsx
  • frontend/admin/src/pages/admin/ProfilePage/ProfilePage.test.tsx
• Newly covered frontend behavior includes:
  • roles page filtering, reset, refresh, pagination, edit/create, permission assignment, status toggle, delete, and error retry
  • role create/edit modal submit, validation-error swallow path, and service-error path
  • role permissions modal load, check, submit, load-error, and submit-error paths
  • permissions page tree/list views, create/create-child/edit, refresh, status toggle, delete, and error retry
  • permission create/edit modal parent-default, parent-option recursion, validation-error swallow path, and service-error path
  • profile page fetch/hydration, submit success, fetch failure, and update failure

Backend

• Expanded provider transport coverage further in:
  • internal/auth/providers/provider_http_roundtrip_additional_test.go
• Newly covered provider logic includes:
  • AlipayProvider.ExchangeCode / GetUserInfo
  • DouyinProvider.ExchangeCode / GetUserInfo
  • GitHubProvider.ExchangeCode / GetUserInfo / getPrimaryEmail
  • GoogleProvider.ExchangeCode / RefreshToken
  • QQProvider.ExchangeCode / ValidateToken
  • TwitterProvider.ExchangeCode / GetUserInfo / RefreshToken / ValidateToken / RevokeToken
  • WeChatProvider.ExchangeCode / GetUserInfo / RefreshToken
  • WeiboProvider.ExchangeCode / GetUserInfo
  • FacebookProvider.ExchangeCode / ValidateToken / GetLongLivedToken
  • direct postFormWithContext request construction coverage

Verified Commands

cd D:\project
$env:GOCACHE='D:\project\.tmp\gocache'
$env:GOPATH='D:\project\.tmp\go'
$env:GOMODCACHE='D:\project\.tmp\go\pkg\mod'
go test ./internal/auth/providers -count=1
go test ./internal/auth/providers -coverprofile='.tmp\providers.cover.out' -count=1
go tool cover -func='.tmp\providers.cover.out'
go test ./internal/auth/providers ./internal/repository -cover -count=1
go test ./... -count=1
go vet ./...
go build ./cmd/server

cd D:\project\frontend\admin
npm.cmd run test:run -- src/pages/admin/RolesPage/RolesPage.test.tsx src/pages/admin/RolesPage/RoleFormModal.test.tsx src/pages/admin/RolesPage/RolePermissionsModal.test.tsx
npm.cmd run test:run -- src/pages/admin/PermissionsPage/PermissionsPage.test.tsx src/pages/admin/PermissionsPage/PermissionFormModal.test.tsx
npm.cmd run test:run -- src/pages/admin/ProfilePage/ProfilePage.test.tsx
npm.cmd run lint
npm.cmd run build
npm.cmd run test:coverage

Results

Frontend coverage

• Overall:
  • statements 68.32%
  • branches 54.12%
  • functions 68.15%
  • lines 69.28%
• Target areas:
  • src/pages/admin/RolesPage: 94.53% statements
    • RolesPage.tsx: 91.54%
    • RoleFormModal.tsx: 100%
    • RolePermissionsModal.tsx: 96.77%
  • src/pages/admin/PermissionsPage: 93.51% statements
    • PermissionsPage.tsx: 91.3%
    • PermissionFormModal.tsx: 97.43%
  • src/pages/admin/ProfilePage/ProfilePage.tsx: 91.42%

Backend coverage

• internal/auth/providers: 80.6%
• internal/repository: 37.1%

Validation Notes

• Frontend full coverage now completes with 34 passing test files and 113 passing tests.
• The successful frontend coverage run still emits one post-summary jsdom AggregateError network-noise line.
  • It does not fail the command.
  • It is still a real residual hygiene issue and should continue to be tracked honestly.

Real Conclusion

• This pass materially changed the real gap map:
  • internal/auth/providers is no longer one of the primary Q-004 blockers
  • RolesPage, PermissionsPage, and ProfilePage are no longer among the dominant uncovered admin page clusters
• Q-004 still cannot be honestly declared closed.
• The main remaining real gaps are now concentrated in:
  • internal/repository depth, still only 37.1%
  • still-uncovered frontend admin components, especially:
    • UsersPage drawers/modals
    • WebhooksPage modal/drawer components
    • deeper remaining ProfileSecurityPage branches
• Secondary remaining gap:
  • frontend validation still has the recurring post-summary jsdom AggregateError noise