[HIGH] Test coverage gaps

[iamgp]

This issue tracks critical test coverage gaps identified in the audit.

Critical Coverage Gaps

1. authz CLI commands completely untested

File: src/phlo/cli/commands/authz.py (332 lines)
Five security-critical subcommands (validate, plan, sync, verify, revert) for RBAC management have zero tests.

2. 8 of 9 hook event emitter types untested

File: src/phlo/hooks/emitters.py
Missing tests for: Transform, Publish, QualityResult, Lineage, Telemetry, ServiceLifecycle, SchemaMigration, DataMigration emitters.

3. RBAC Sync Controller untested

File: src/phlo/rbac/sync.py (325 lines)
Complex orchestration of policy compilation, backend synchronization, verification, and revert.

4. OPA Authorization Backend untested

File: src/phlo/capabilities/authorization_opa.py (236 lines)
HTTP communication with OPA servers, decision translation, error handling completely untested.

High Priority Coverage Gaps

5. Schema Registry CLI commands

File: src/phlo/cli/commands/schema_registry_cli.py lines 38-119

6. Migration Source Adapters

File: src/phlo/migrations/adapters.py lines 36-124

7. Migration Spec Parser Edge Cases

File: src/phlo/migrations/parser.py lines 22-97

8. Metrics CLI Asset and Export Commands

File: src/phlo/cli/commands/metrics.py lines 60-136

9. Plugin Discovery Internal Modules

Files: src/phlo/plugins/discovery/_*.py (12 private modules)

10. RBAC Config Loader File Operations

File: src/phlo/rbac/config.py lines 15-140

---

Severity: P1 - High
Category: Test Coverage
Audit Reference: AUDIT.md