원클릭으로
audit-test-coverage
Audit test coverage — inventory tests by type, find critical untested paths
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Audit test coverage — inventory tests by type, find critical untested paths
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Fill missing type, title, and description frontmatter on documents using structured AI output
Download a web page by URL and save it as clean markdown with images
Audit for accessibility — keyboard navigation, ARIA labels, contrast, focus indicators
Produce a full dependency health report (SBOM, vulnerabilities, staleness, upgrades, licenses)
Audit error handling UX — error boundaries, silent failures, loading states, empty states
Audit for unnecessary re-renders — Zustand subscriptions, missing memoization, inline callbacks
| name | audit-test-coverage |
| description | Audit test coverage — inventory tests by type, find critical untested paths |
| user-invocable | true |
Audit what is and isn't tested, and identify gaps in test coverage. This is a research-only audit — do not modify any code.
Find all test files and categorize them:
.test.ts, .test.tsx, .spec.ts)#[cfg(test)] modules, #[test] functions in src-tauri/For each category, count test files and cases by actually running/globbing — do not copy counts from any doc (docs drift; see the documentation audit). Suggested measured commands:
rg -l "it\(|test\(" src --glob '*.test.ts*' | wc -lrg -c "\bit\(|\btest\(" src --glob '*.test.ts*' | awk -F: '{s+=$2} END{print s}'ls e2e/tests/**/*.spec.ts | wc -lls e2e-real/tests/**/*.ts | wc -lrg -l "#\[(tokio::)?test\]" src-tauri/src | wc -l
Report which categories exist and which are entirely missing, with the measured numbers
and the date measured.Check if these core flows have any test coverage:
| Flow | Where to look |
|---|---|
| Markdown round-trip (parse → serialize → compare) | tests/, src/lib/markdown.ts |
| File save/load cycle | src/hooks/useFileOperations.ts |
| AI streaming (all providers) | src/hooks/useAIOperations.ts |
| Agent lifecycle (spawn → auth → prompt → cleanup) | src/hooks/useAcpLifecycle.ts |
| Store persistence and rehydration | All stores with persist middleware |
| Editor state cache (tab switch preserve/restore) | src/components/editor/Editor.tsx |
| Tauri command error handling | src-tauri/src/commands/ |
| Comment delegation flow | src/hooks/useCommentDelegation.ts |
| Inline completion (ghost text) | src/hooks/useCopilotCompletion.ts |
| PDF export pipeline | src-tauri/src/export/ |
Rank untested code by blast radius, not by tier. The highest-value gaps are (a) security boundaries and (b) silent-data-loss branches. Before reporting "well covered," verify each boundary below has a dedicated test, then look for the boundaries and async orchestrators that slip through because they live in hooks, not in obviously-security-named files.
Security-boundary modules that MUST have dedicated tests (confirm each, name the test file):
src/lib/ai/acp-utils.ts (getChatSandboxScope),
src-tauri/src/commands/sandbox.rssrc/lib/ai/path-filter.ts / src/lib/tool-executor.ts
(isToolCallAllowed, FILESYSTEM_TOOLS)src/lib/ai/uri-scope.ts (isUriInScope)src/lib/__tests__/tauri-capability-surface.test.tssrc-tauri/src/commands/network_proxy.rspersist store, especially permission-store,
chat-store, editor-store, settings-storeA boundary being "tested" is not enough — judge whether the tests are adversarial.
For a domain allowlist or path filter, a happy-path "allowed domain is allowed" test
does NOT protect the boundary. Demand lookalike / suffix-confusion / wildcard-abuse
cases (e.g. evil-api.anthropic.com.attacker.com must NOT match api.anthropic.com;
a sibling project path must NOT pass isToolCallAllowed for the selected project).
A security proxy with only a handful of happy-path tests is a MEDIUM-or-higher gap
(e.g. a network proxy with 7 happy-path tests and no lookalike/suffix cases, or a
capability-surface test that locks assetProtocol and the absence of fs:allow-* but
never asserts the http:default allowlist is narrow — so a widening to https://**
would slip through).
Async orchestrator hooks coordinate event-bus routing, job state machines, and
destructive filesystem moves — they are high-risk and easy to miss because they are
not in commands/ or named "security". For each orchestrator hook, check for a
__tests__/*.test.ts sibling and, if absent, rank by whether a regression is silent.
Look specifically for:
jobId mismatch
or partial-progress crash ships silently if untested (e.g. a capture-stop →
transcribe → render → bundle → move pipeline with no test — assert state
transitions, jobId-scoped progress routing, and that a failed transcribe leaves the
bundle re-runnable in the inbox).externalChangeDiffReview setting between silent auto-reload and an
Accept/Reject/Dismiss inline-diff path; assert the reload toast vs the
external-change-store addChange + change toast per branch).A test that reconstructs production configuration instead of importing it protects a copy, not the real thing — it can pass while production silently breaks. Flag any test that hand-assembles a list the production code also assembles (extension sets, provider lists, tool registries, schema node lists).
StarterKit + Table + Callout + …, a node added
to production (Mermaid, page-break variants) is never round-tripped until someone
also edits the test's import list — so the "#1 spec gate" passes on a stale parallel
editor. Fix is single-sourcing: export the production array and import it in both.For existing tests, check:
transcribe_file,
the event bus) but assert on the resulting STORE STATE / TOAST, not on the mock.persist store with a version bump or a
shape change, there must be a test that feeds OLD persisted state and asserts the
migration produces the new shape (e.g. permission-store flat→ScopedApproval triples,
chat-store startMessageIndex→startMessageId). A migration with no old-state fixture
is an untested upgrade path — rank MEDIUM, HIGH if the store holds security state
(permission-store).setTimeout, waitFor with short timeouts)Check #[cfg(test)] modules in src-tauri/src/:
First confirm whether a category is truly absent or merely incomplete — a large suite (hundreds of files, thousands of cases) usually has every category present, so the real risk is a specific high-value module with zero tests, not a missing tier.
Do NOT report "no E2E tests" / "no integration tests" without running the suite and counting first — the inventory step must precede the verdict.
Start with an overview table. Fill in the actual counts you find — the row values below are placeholders (N/M), not real numbers. Count every test type that exists in the repo (the codebase has Playwright E2E in e2e/ and WebDriverIO real-E2E in e2e-real/, so those rows should reflect real counts, not zero):
### Test Inventory
| Type | Files | Tests | Coverage |
| --- | --- | --- | --- |
| Unit (TypeScript) | N | M | src/lib/, src/hooks/ |
| Round-trip | N | M | Markdown parse/serialize |
| Rust unit | N | M | src-tauri/src/ |
| Integration | N | M | <where, or "None"> |
| End-to-end (Playwright) | N | M | e2e/ |
| End-to-end (WebDriverIO) | N | M | e2e-real/ |
Then list critical untested paths:
### HIGH: No end-to-end tests
The app has no E2E test suite. User-facing flows (open folder → edit file → save → verify) are only tested manually.
**Recommendation:** Add Playwright or Tauri's built-in WebDriver test support for critical flows.
End with a ### Confirmed Good Patterns section.
Files: src/hooks/useAIOperations.ts, src-tauri/src/commands/ai.rs
The AI streaming flow (SSE parsing, thinking detection, citation extraction, tool call handling) is entirely untested. Regressions in stream parsing would only be caught by manual testing.
Recommendation: Add unit tests for SSE chunk parsing and thinking tag extraction. Mock the HTTP layer, test the parsing logic.