ln-634-test-coverage-auditor

仓库: levnikolaevich/claude-code-skills
安装量: 123
排名: #6955

安装

npx skills add https://github.com/levnikolaevich/claude-code-skills --skill ln-634-test-coverage-auditor

Specialized worker identifying missing tests for critical business logic.

Purpose & Scope

  • Worker in ln-630 coordinator pipeline

  • Audit Coverage Gaps (Category 4: High Priority)

  • Identify untested critical paths

  • Classify by category (Money, Security, Data, Core Flows)

  • Calculate compliance score (X/10)

Inputs (from Coordinator)

Receives contextStore with critical paths classification, codebase structure, test file list.

Domain-aware fields (NEW):

  • domain_mode: "domain-aware" | "global" (optional, defaults to "global")

  • current_domain: {name, path} when domain_mode="domain-aware"

Example contextStore (domain-aware):

{
  "tech_stack": {...},
  "best_practices": {...},
  "testFilesMetadata": [...],
  "codebase_root": "/project",
  "domain_mode": "domain-aware",
  "current_domain": {
    "name": "orders",
    "path": "src/orders"
  }
}

Workflow

  • Parse context from contextStore

Extract tech_stack, best_practices, testFilesMetadata

  • Determine scan_path (NEW):
IF domain_mode == "domain-aware":
  scan_path = codebase_root + "/" + current_domain.path
  domain_name = current_domain.name
ELSE:
  scan_path = codebase_root
  domain_name = null
  • Identify critical paths in scan_path (not entire codebase)

Scan production code in scan_path for money/security/data keywords

  • All Grep/Glob patterns use scan_path (not codebase_root)

  • Example: Grep(pattern="payment|refund|discount", path=scan_path)

  • Check test coverage for each critical path

Search ALL test files for coverage (tests may be in different location than production code)

  • Match by function name, module name, or test description

  • Collect missing tests

Tag each finding with domain: domain_name (if domain-aware)

  • Calculate score

  • Return JSON with domain metadata

Include domain and scan_path fields (if domain-aware)

Critical Paths Classification

1. Money Flows (Priority 20+)

What: Any code handling financial transactions

Examples:

  • Payment processing (/payment, processPayment())

  • Discounts/promotions (calculateDiscount(), applyPromoCode())

  • Tax calculations (calculateTax(), getTaxRate())

  • Refunds (processRefund(), /refund)

  • Invoices/billing (generateInvoice(), createBill())

  • Currency conversion (convertCurrency())

Min Priority: 20

Why Critical: Money loss, fraud, legal compliance

2. Security Flows (Priority 20+)

What: Authentication, authorization, encryption

Examples:

  • Login/logout (/login, authenticate())

  • Token refresh (/refresh-token, refreshAccessToken())

  • Password reset (/forgot-password, resetPassword())

  • Permissions/RBAC (checkPermission(), hasRole())

  • Encryption/hashing (custom crypto logic, NOT bcrypt/argon2)

  • API key validation (validateApiKey())

Min Priority: 20

Why Critical: Security breach, data leak, unauthorized access

3. Data Integrity (Priority 15+)

What: CRUD operations, transactions, validation

Examples:

  • Critical CRUD (createUser(), deleteOrder(), updateProduct())

  • Database transactions (withTransaction())

  • Data validation (custom validators, NOT framework defaults)

  • Data migrations (runMigration())

  • Unique constraints (checkDuplicateEmail())

Min Priority: 15

Why Critical: Data corruption, lost data, inconsistent state

4. Core User Journeys (Priority 15+)

What: Multi-step flows critical to business

Examples:

  • Registration → Email verification → Onboarding

  • Search → Product details → Add to cart → Checkout

  • Upload file → Process → Download result

  • Submit form → Approval workflow → Notification

Min Priority: 15

Why Critical: Broken user flow = lost customers

Audit Rules

1. Identify Critical Paths

Process:

  • Scan codebase for money-related keywords: payment, refund, discount, tax, price, currency

  • Scan for security keywords: auth, login, password, token, permission, encrypt

  • Scan for data keywords: transaction, validation, migration, constraint

  • Scan for user journeys: multi-step flows in routes/controllers

2. Check Test Coverage

For each critical path:

  • Search test files for matching test name/description

  • If NO test found → add to missing tests list

  • If test found but inadequate (only positive, no edge cases) → add to gaps list

3. Categorize Gaps

Severity by Priority:

  • CRITICAL: Priority 20+ (Money, Security)

  • HIGH: Priority 15-19 (Data, Core Flows)

  • MEDIUM: Priority 10-14 (Important but not critical)

4. Provide Justification

For each missing test:

  • Explain WHY it's critical (money loss, security breach, etc.)

  • Suggest test type (E2E, Integration, Unit)

  • Estimate effort (S/M/L)

Scoring Algorithm

critical_paths = count of critical paths
tested_paths = count of critical paths with tests
coverage_percentage = (tested_paths / critical_paths) * 100
score = coverage_percentage / 10  // 100% coverage = 10 score
score = max(0, min(10, score))

Output Format

Global mode output:

{
  "category": "Coverage Gaps",
  "score": 6,
  "critical_paths_total": 25,
  "tested_paths": 15,
  "untested_paths": 10,
  "coverage_percentage": 60,
  "findings": [
    {
      "severity": "CRITICAL",
      "category": "Money",
      "missing_test": "E2E: Payment with discount code",
      "location": "services/payment.ts:processPayment()",
      "priority": 25,
      "justification": "Money calculation with discount logic — high risk of incorrect total",
      "test_type": "E2E",
      "effort": "M"
    }
  ]
}

Domain-aware mode output (NEW):

{
  "category": "Coverage Gaps",
  "score": 7,
  "domain": "orders",
  "scan_path": "src/orders",
  "critical_paths_total": 12,
  "tested_paths": 8,
  "untested_paths": 4,
  "coverage_percentage": 67,
  "findings": [
    {
      "severity": "CRITICAL",
      "category": "Money",
      "missing_test": "E2E: applyDiscount() with edge cases",
      "location": "src/orders/services/order.ts:45",
      "priority": 25,
      "justification": "Discount calculation in orders domain — high risk of incorrect total",
      "test_type": "E2E",
      "effort": "M",
      "domain": "orders"
    },
    {
      "severity": "HIGH",
      "category": "Data Integrity",
      "missing_test": "Integration: orderTransaction() rollback",
      "location": "src/orders/repositories/order.ts:78",
      "priority": 18,
      "justification": "Data corruption risk in orders domain",
      "test_type": "Integration",
      "effort": "M",
      "domain": "orders"
    }
  ]
}

Critical Rules

  • Domain-aware scanning: If domain_mode="domain-aware", scan ONLY scan_path production code (not entire codebase)

  • Tag findings: Include domain field in each finding when domain-aware

  • Test search scope: Search ALL test files for coverage (tests may be in different location than production code)

  • Match by name: Use function name, module name, or test description to match tests to production code

Definition of Done

  • contextStore parsed (including domain_mode and current_domain)

  • scan_path determined (domain path or codebase root)

  • Critical paths identified in scan_path (Money, Security, Data, Core Flows)

  • Test coverage checked for each critical path

  • Missing tests collected with severity, priority, justification, domain

  • Score calculated

  • JSON returned to coordinator with domain metadata

Version: 3.0.0 Last Updated: 2025-12-23

返回排行榜