# 2026-03-27 Q-004 Coverage Remediation

## Scope

- Objective: continue remediating `Q-004 自动化覆盖率不足，回归安全网偏薄`.
- This round focused on the highest-value low-coverage areas identified in the audit:
  - Frontend: `router`, auth guards, `AdminLayout`, `ImportExportPage`
  - Backend: `internal/database`, `internal/auth/providers`

## Changes

### Frontend

- Added route and guard regression tests:
  - `frontend/admin/src/app/router.test.tsx`
  - `frontend/admin/src/components/guards/guards.test.tsx`
- Added navigation and permission-surface tests:
  - `frontend/admin/src/layouts/AdminLayout/AdminLayout.test.tsx`
- Added import/export product-flow tests:
  - `frontend/admin/src/pages/admin/ImportExportPage/ImportExportPage.test.tsx`
- Tightened the new router test so it passes both `vitest` and `tsc -b`.

### Backend

- Added database bootstrap and upgrade-path coverage:
  - `internal/database/db_test.go`
- Added provider auth URL/state coverage without live-network dependency:
  - `internal/auth/providers/provider_urls_test.go`
- Fixed Windows-specific SQLite test cleanup by explicitly closing the underlying `sql.DB` handle in `db_test.go`.
- Removed an invalid provider test that attempted to hit the real Google endpoint during unit test execution.

## Verified Commands

```powershell
cd D:\project\frontend\admin
npm.cmd run test:run -- src/components/guards/guards.test.tsx src/app/router.test.tsx src/layouts/AdminLayout/AdminLayout.test.tsx src/pages/admin/ImportExportPage/ImportExportPage.test.tsx
npm.cmd run lint
npm.cmd run build
npm.cmd run test:coverage

cd D:\project
go test ./internal/database ./internal/auth/providers -count=1
go test ./... -count=1
go vet ./...
go test ./internal/auth/providers ./internal/database ./internal/repository -cover
```

## Results

### Frontend coverage

- Overall:
  - statements `37.09%`
  - branches `35.91%`
  - functions `30.30%`
  - lines `37.40%`
- Target modules:
  - `src/app/router.tsx`: `47.72%` statements
  - `src/components/guards/RequireAuth.tsx`: `100%`
  - `src/components/guards/RequireAdmin.tsx`: `100%`
  - `src/layouts/AdminLayout/AdminLayout.tsx`: `80.00%`
  - `src/pages/admin/ImportExportPage/ImportExportPage.tsx`: `83.58%`

### Backend coverage

- `internal/database`: `83.2%`
- `internal/auth/providers`: `4.0%`
- `internal/repository`: `10.5%`

## Real Conclusion

- This round materially improves the regression net around routing, auth gating, admin navigation, import/export flows, and database bootstrap behavior.
- `Q-004` is improved but not fully closed.
- The real remaining coverage gaps are now concentrated in:
  - Frontend: `UsersPage`, `WebhooksPage`, large parts of `ProfileSecurityPage`, and several service/http branches
  - Backend: `internal/repository` and deeper `internal/auth/providers` token-validation/error branches
- Based on the current state, the next open remediation priority remains:
  1. continue `Q-004` depth expansion
  2. then `Q-005` dev toolchain SCA cleanup
  3. then `Q-006` external alert delivery evidence closure