Skip to content

Daily Test Coverage ImproverResearch and Plan #18

Open
Open
Daily Test Coverage ImproverResearch and Plan#18
@github-actions

Description

@github-actions
github-actions
bot
opened on Mar 1, 2026

Repository Test Coverage Analysis

I've completed a comprehensive analysis of the microsoftgbb/corporate-website repository to understand its current test coverage state and develop a systematic improvement plan.

📊 Current State Summary

Repository Structure

The repository is a corporate website showcasing APM (AI Package Manager) capabilities with:

  • Frontend: Vanilla HTML/CSS/JavaScript with React components (Vite build system)
  • Backend: Python FastAPI server for contact form handling
  • Focus: GDPR compliance, accessibility (WCAG 2.1 AA), enterprise security standards

Existing Test Infrastructure

✅ Testing frameworks configured:

  • JavaScript/TypeScript: Vitest with v8 coverage provider, React Testing Library
  • Python: pytest with pytest-cov
  • Configuration files: vitest.config.js, pytest.ini in place

✅ Existing test files:

tests/
├── ContactForm.test.tsx           # React component tests
├── unit/
│   └── emailValidation.test.ts   # Email validation unit tests  
├── test_contact_handler.py        # Python backend tests (15 tests)
└── integration/
    └── test_api_endpoints.py      # API integration tests

⚠️ Recent Issues:

🎯 Test Coverage Findings

Source Code to Test

Frontend (TypeScript/JavaScript):

  • src/components/ContactForm.tsx (~170 lines) - Partially covered
  • src/utils/validation.ts (~217 lines) - Partially covered
  • src/api/contact.ts (~261 lines) - Minimal coverage
  • main.js - No coverage

Backend (Python):

  • server/contact_handler.py - Good coverage (15 tests)
  • backend/api/users.py - No tests found

Coverage Gaps Identified

🔴 High Priority - Security & Compliance Functions

  1. src/utils/validation.ts - Critical security utilities with incomplete coverage:

    • RateLimiter class - Rate limiting logic (0% coverage)
    • DataRetentionManager class - GDPR retention policies (0% coverage)
    • validatePhoneNumber() - International phone validation (0% coverage)
    • validateURL() - URL sanitization (0% coverage)
    • hashSensitiveData() - Cryptographic hashing (0% coverage)

  2. src/api/contact.ts - API layer with limited testing:

    • submitContactForm() - Main submission flow (minimal coverage)
    • exportUserData() - GDPR data export (0% coverage)
    • deleteUserData() - GDPR right to erasure (0% coverage)
    • Error handling paths (0% coverage)
    • CSRF token handling (0% coverage)

🟡 Medium Priority - Component Coverage

  1. src/components/ContactForm.tsx - Partial coverage:
    • Form submission success/error states
    • Edge cases in validation
    • Accessibility attributes
    • Loading states

🟢 Lower Priority - Additional Areas

  1. backend/api/users.py - Backend API (needs investigation)
  2. main.js - Application entry point
  3. Integration tests - End-to-end user flows

🚀 Improvement Strategy

Phase 3 Execution Plan

When Phase 3 begins, I will systematically target coverage gaps following this priority order:

Round 1: Security & Validation Utilities (Highest Impact)

Focus on src/utils/validation.ts:

  • Add comprehensive RateLimiter tests (constructor, isAllowed(), getRemaining())
  • Add DataRetentionManager tests (retention policies, expiry calculations)
  • Add validatePhoneNumber() tests (various international formats, edge cases)
  • Add validateURL() tests (protocol validation, dangerous pattern detection)
  • Add hashSensitiveData() tests (crypto API, output format)

Why first: These are security-critical functions handling user input sanitization, rate limiting, and GDPR compliance - bugs here create serious vulnerabilities.

Round 2: API Layer (GDPR Compliance)

Focus on src/api/contact.ts:

  • Test submitContactForm() success/failure paths
  • Test exportUserData() - GDPR right to data portability
  • Test deleteUserData() - GDPR right to erasure
  • Test CSRF token handling
  • Test audit logging in error scenarios

Why second: GDPR compliance functions must be thoroughly tested for legal requirements.

Round 3: Component Coverage

Focus on src/components/ContactForm.tsx:

  • Test form submission with various states
  • Test accessibility attributes in different scenarios
  • Test error recovery flows
  • Test loading/disabled states

Why third: Good UI coverage but not life-critical like security functions.

Round 4: Integration & Edge Cases

  • Backend backend/api/users.py investigation
  • End-to-end user flows
  • Performance edge cases

🛠️ Build & Test Commands

Setup & Dependencies

npm install                    # Install JavaScript dependencies
npm run build                  # Build project with Vite

Running Tests

# JavaScript/TypeScript tests
npm run test                   # Run tests
npm run test:coverage          # Run with coverage report

# Python tests  
python -m pytest tests/        # Run all Python tests
python -m pytest --cov=server --cov=backend --cov-report=html tests/
``````

### Coverage Report Locations
- **JavaScript**: `coverage/js/` - HTML and JSON reports
- **Python**: `coverage/python/` - HTML and JSON reports
- **Combined**: `coverage/combined/summary.md` - Merged summary

### Known Issues
- **Node.js version**: Vite requires Node 20+, currently on Node 18 (causes warnings)
- **Python tests**: Previously had import errors (now resolved per Issue #10)

---

## 📁 Test Organization Strategy

### Current Organization (Good!)
``````
tests/
├── ContactForm.test.tsx          # Component tests (co-located with tests/)
├── unit/                         # Unit tests for utilities
│   └── emailValidation.test.ts
├── integration/                  # Integration tests
│   └── test_api_endpoints.py
└── test_contact_handler.py       # Backend unit tests

New Tests Should Follow:

  • JavaScript unit tests: tests/unit/*.test.ts
  • JavaScript component tests: tests/*.test.tsx
  • Python unit tests: tests/test_*.py
  • Python integration tests: tests/integration/test_*.py
  • Naming: Descriptive names matching source file (e.g., validation.test.ts for validation.ts)

💡 Opportunities for Major Coverage Increases

1. Automated Testing for Security Functions

The validation.ts file contains 217 lines of security-critical code with minimal test coverage. Adding comprehensive tests here could dramatically improve security posture.

2. GDPR Compliance Testing Framework

Currently missing tests for GDPR-mandated features (data export, deletion, retention). Creating a dedicated test suite would ensure legal compliance.

3. Integration Test Expansion

Only one integration test file exists. Could add:

  • End-to-end form submission flows
  • Rate limiting enforcement tests
  • Audit logging verification
  • CSRF protection validation

4. Accessibility Testing Automation

Repository mentions WCAG 2.1 AA compliance but tests don't verify:

  • Screen reader compatibility
  • Keyboard navigation
  • Color contrast
  • Focus management

Could integrate jest-axe or similar for automated a11y testing.

❓ Questions for Maintainers

  1. Node.js version: Can we upgrade to Node 20+ to resolve Vitest warnings? Or should tests accommodate Node 18?

  2. Coverage targets: What's the desired overall coverage percentage? Industry standard is 80%, but security-critical code might need 95%+.

  3. Test priority: Do you agree with prioritizing security/validation utilities first? Any other critical paths?

  4. Backend API: Should backend/api/users.py be included in coverage efforts, or is it out of scope?

  5. Integration tests: Are there specific user flows that are high priority for end-to-end testing?

🎮 How to Control this Workflow

You can manage this workflow using the following commands:

# Disable the workflow
gh aw disable daily-test-improver --repo microsoftgbb/corporate-website

# Enable the workflow
gh aw enable daily-test-improver --repo microsoftgbb/corporate-website

# Run the workflow manually with optional repeats
gh aw run daily-test-improver --repo microsoftgbb/corporate-website --repeat (number-of-repeats)

# View workflow logs
gh aw logs daily-test-improver --repo microsoftgbb/corporate-website

🔄 What Happens Next

Phase 2 - Coverage Steps Configuration:

  • The next time this workflow runs, Phase 2 will be performed
  • Phase 2 will analyze the codebase and create a .github/actions/daily-test-improver/coverage-steps/action.yml configuration
  • This file will define the exact steps needed to build, test, and generate coverage reports
  • A pull request will be created for review

Phase 3 - Test Coverage Improvements:

  • After Phase 2 completes, Phase 3 will begin on subsequent runs
  • Phase 3 will systematically implement test coverage improvements following the strategy outlined above
  • Each iteration will target a specific coverage gap, create tests, measure improvement, and submit a draft PR

Repeat Mode:

  • If running in "repeat" mode, the workflow will automatically continue to the next phase
  • Otherwise, humans can review this research and add comments before proceeding

Your Feedback Matters:

  • Please add comments to this discussion with feedback, adjustments, or priorities
  • I'll incorporate your guidance when selecting areas to work on in Phase 3

Note: This was intended to be a discussion, but discussions could not be created due to permissions issues. This issue was created as a fallback.

AI generated by Daily Test Coverage Improver

To add this workflow in your repository, run gh aw add githubnext/agentics/workflows/daily-test-improver.md@e43596e069e74a65cd7d93315091672d278c2642. See usage guide.

  • expires on Mar 8, 2026, 9:16 AM UTC

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions