Improve test coverage from 82% to 90%+ #22
Description
Current Coverage Status
Overall: 82% (105 tests passed, 1 skipped)
Coverage by Module
| Module | Coverage | Missing Lines |
|---|---|---|
| Needs Improvement | ||
src/raja/enforcer.py |
52% | 26 lines |
src/raja/server/routers/control_plane.py |
63% | 52 lines |
src/raja/scope.py |
73% | 11 lines |
src/raja/token.py |
75% | 14 lines |
src/raja/server/routers/harness.py |
78% | 31 lines |
src/raja/server/app.py |
81% | 15 lines |
| Good Coverage | ||
src/raja/cedar/entities.py |
89% | 1 line |
src/raja/server/audit.py |
91% | 4 lines |
src/raja/rajee/authorizer.py |
91% | 5 lines |
src/raja/cedar/parser.py |
94% | 1 line |
src/raja/compiler.py |
95% | 2 lines |
src/raja/rajee/grants.py |
95% | 1 line |
src/raja/server/dependencies.py |
98% | 1 line |
src/raja/models.py |
98% | 1 line |
Priority Areas
1. Enforcer (52% → 90%+)
- Impact: Core authorization logic
- Missing: 26 lines of untested code
- Focus: Error handling, edge cases, validation paths
2. Control Plane Router (63% → 85%+)
- Impact: Policy compilation and management
- Missing: 52 lines of untested code
- Focus: API endpoints, error responses, validation
3. Scope Module (73% → 95%+)
- Impact: Fundamental scope parsing and matching
- Missing: 11 lines
- Focus: Edge cases in wildcard matching, error paths
4. Token Module (75% → 90%+)
- Impact: JWT operations
- Missing: 14 lines
- Focus: Token validation edge cases, expiration handling
5. Harness Router (78% → 85%+)
- Impact: Test harness functionality
- Missing: 31 lines
- Focus: Less critical but should improve for completeness
Recommended Actions
-
Add unit tests for enforcer edge cases
- Invalid token formats
- Expired tokens
- Missing required claims
- Wildcard scope matching edge cases
-
Expand control_plane router tests
- Error responses (400, 401, 404, 500)
- Invalid policy formats
- DynamoDB failure scenarios
- AVP integration failures
-
Test scope parsing edge cases
- Malformed scope strings
- Invalid wildcard patterns
- Boundary conditions
-
Add token validation tests
- Clock skew handling
- Algorithm validation
- Signature verification failures
-
Generate HTML coverage report for detailed analysis
- Run:
./poe test-cov - Open:
htmlcov/index.html - Identify specific untested lines
- Run:
Success Criteria
- Overall coverage ≥ 90%
- All core modules (enforcer, compiler, scope, token) ≥ 90%
- No critical paths without test coverage
- Property-based tests validate key invariants
Notes
- Current test suite: 105 tests (5 hypothesis, ~100 unit/integration)
- Tests run in ~27 seconds
- HTML coverage report available in
htmlcov/directory