docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-224352.md

# 2026-03-27 Q-004 Coverage Remediation Pass 4

## Scope

- Continue remediating the remaining real `Q-004` gaps after Pass 3.
- This pass focused on:
  - low-coverage frontend service adapters
  - deeper non-network `internal/auth/providers` branches

## Changes

### Frontend

- Added adapter-level regression coverage in:
  - `frontend/admin/src/services/service_adapters_additional.test.ts`
- Coverage added for:
  - `users.ts`
  - `roles.ts`
  - `devices.ts`
  - `profile.ts`
  - `login-logs.ts`
  - `operation-logs.ts`
  - `permissions.ts`
  - `stats.ts`
  - `import-export.ts`
- During strict verification, `tsc -b` exposed two test-payload type mismatches in the new permission-service test data.
  - These were fixed in the test code before final validation.

### Backend

- Added provider non-network tests in:
  - `internal/auth/providers/provider_crypto_test.go`
  - `internal/auth/providers/http_test.go` (expanded)
- Newly covered provider logic includes:
  - Alipay private-key parsing for raw PKCS#8 and PEM PKCS#1 input
  - Alipay parameter signing and signature verification
  - Twitter PKCE verifier/challenge/auth URL generation
  - OAuth helper error handling for empty-body and long-body non-2xx responses

## Verified Commands

```powershell
cd D:\project\frontend\admin
npm.cmd run test:run -- src/services/service_adapters_additional.test.ts src/services/users.test.ts
npm.cmd run lint
npm.cmd run build
npm.cmd run test:coverage

cd D:\project
$env:GOCACHE='D:\project\.tmp\gocache'
$env:GOPATH='D:\project\.tmp\go'
$env:GOMODCACHE='D:\project\.tmp\go\pkg\mod'
go test ./internal/auth/providers -count=1
go test ./internal/auth/providers ./internal/repository -cover
go test ./... -count=1
go vet ./...
go build ./cmd/server
```

## Results

### Frontend coverage

- Overall:
  - statements `52.05%`
  - branches `42.86%`
  - functions `51.84%`
  - lines `52.69%`
- Target areas:
  - `services`: `86.2%` statements, `90.9%` branches
  - `src/pages/admin/UsersPage/UsersPage.tsx`: `90.98%`
  - `src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.tsx`: `70.17%`

### Backend coverage

- `internal/auth/providers`: `15.2%`
- `internal/repository`: `37.1%`

## Real Conclusion

- This pass substantially reduced the frontend service-layer gap; that is no longer a primary blocker for `Q-004`.
- `internal/auth/providers` improved again, but it is still materially under-covered.
- `Q-004` still cannot be honestly declared closed.
- The main remaining real gaps are now concentrated in:
  - more untouched admin pages/components
  - deeper provider token/user-info parsing and error branches that can still be exercised without live network calls
docs: project docs, scripts, deployment configs, and evidence 2026-04-02 11:22:17 +08:00			`# 2026-03-27 Q-004 Coverage Remediation Pass 4`

			`## Scope`

			- Continue remediating the remaining real `Q-004` gaps after Pass 3.
			`- This pass focused on:`
			`- low-coverage frontend service adapters`
			- deeper non-network `internal/auth/providers` branches

			`## Changes`

			`### Frontend`

			`- Added adapter-level regression coverage in:`
			- `frontend/admin/src/services/service_adapters_additional.test.ts`
			`- Coverage added for:`
			- `users.ts`
			- `roles.ts`
			- `devices.ts`
			- `profile.ts`
			- `login-logs.ts`
			- `operation-logs.ts`
			- `permissions.ts`
			- `stats.ts`
			- `import-export.ts`
			- During strict verification, `tsc -b` exposed two test-payload type mismatches in the new permission-service test data.
			`- These were fixed in the test code before final validation.`

			`### Backend`

			`- Added provider non-network tests in:`
			- `internal/auth/providers/provider_crypto_test.go`
			- `internal/auth/providers/http_test.go` (expanded)
			`- Newly covered provider logic includes:`
			`- Alipay private-key parsing for raw PKCS#8 and PEM PKCS#1 input`
			`- Alipay parameter signing and signature verification`
			`- Twitter PKCE verifier/challenge/auth URL generation`
			`- OAuth helper error handling for empty-body and long-body non-2xx responses`

			`## Verified Commands`

			```powershell
			`cd D:\project\frontend\admin`
			`npm.cmd run test:run -- src/services/service_adapters_additional.test.ts src/services/users.test.ts`
			`npm.cmd run lint`
			`npm.cmd run build`
			`npm.cmd run test:coverage`

			`cd D:\project`
			`$env:GOCACHE='D:\project\.tmp\gocache'`
			`$env:GOPATH='D:\project\.tmp\go'`
			`$env:GOMODCACHE='D:\project\.tmp\go\pkg\mod'`
			`go test ./internal/auth/providers -count=1`
			`go test ./internal/auth/providers ./internal/repository -cover`
			`go test ./... -count=1`
			`go vet ./...`
			`go build ./cmd/server`
			```

			`## Results`

			`### Frontend coverage`

			`- Overall:`
			- statements `52.05%`
			- branches `42.86%`
			- functions `51.84%`
			- lines `52.69%`
			`- Target areas:`
			- `services`: `86.2%` statements, `90.9%` branches
			- `src/pages/admin/UsersPage/UsersPage.tsx`: `90.98%`
			- `src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.tsx`: `70.17%`

			`### Backend coverage`

			- `internal/auth/providers`: `15.2%`
			- `internal/repository`: `37.1%`

			`## Real Conclusion`

			- This pass substantially reduced the frontend service-layer gap; that is no longer a primary blocker for `Q-004`.
			- `internal/auth/providers` improved again, but it is still materially under-covered.
			- `Q-004` still cannot be honestly declared closed.
			`- The main remaining real gaps are now concentrated in:`
			`- more untouched admin pages/components`
			`- deeper provider token/user-info parsing and error branches that can still be exercised without live network calls`