diff --git a/.github/agents/Backend_Dev.agent.md b/.github/agents/Backend_Dev.agent.md index c9f6b17e..d20fc119 100644 --- a/.github/agents/Backend_Dev.agent.md +++ b/.github/agents/Backend_Dev.agent.md @@ -44,7 +44,7 @@ Your priority is writing code that is clean, tested, and secure by default. - Run `go mod tidy`. - Run `go fmt ./...`. - Run `go test ./...` to ensure no regressions. - - **Coverage (MANDATORY)**: Run the coverage script explicitly. This is NOT run by pre-commit automatically. + - **Coverage (MANDATORY)**: Run the coverage task/script explicitly and confirm Codecov Patch view is green for modified lines. - **MANDATORY**: Patch coverage must cover 100% of new/modified code. This prevents CodeCov Report failing CI. - **VS Code Task**: Use "Test: Backend with Coverage" (recommended) - **Manual Script**: Execute `/projects/Charon/scripts/go-test-coverage.sh` from the root directory diff --git a/.github/agents/Frontend_Dev.agent.md b/.github/agents/Frontend_Dev.agent.md index 552f6fe5..8f90abbe 100644 --- a/.github/agents/Frontend_Dev.agent.md +++ b/.github/agents/Frontend_Dev.agent.md @@ -53,6 +53,7 @@ You do not just "make it work"; you make it **feel** professional, responsive, a - Run `npm run test:ci`. - **Gate 3: Coverage (MANDATORY)**: - **MANDATORY**: Patch coverage must cover 100% of new/modified code. This prevents CodeCov Report failing CI. + - If patch coverage fails, identify missing patch line ranges in Codecov Patch view and add targeted tests. - **VS Code Task**: Use "Test: Frontend with Coverage" (recommended) - **Manual Script**: Execute `/projects/Charon/scripts/frontend-test-coverage.sh` from the root directory - **Minimum**: 85% coverage (configured via `CHARON_MIN_COVERAGE` or `CPM_MIN_COVERAGE`) diff --git a/.github/agents/QA_Security.agent.md b/.github/agents/QA_Security.agent.md index d085e727..b256a071 100644 --- a/.github/agents/QA_Security.agent.md +++ b/.github/agents/QA_Security.agent.md 
@@ -31,7 +31,7 @@ Your job is to act as an ADVERSARY. The Developer says "it works"; your job is t - **Creation**: Write a new test file (e.g., `internal/api/tests/audit_test.go`) to test the *flow*. - **Run**: Execute `.github/skills`, `go test ./internal/api/tests/...` (or specific path). Run local CodeQL and Trivy scans (they are built as VS Code Tasks so they just need to be triggered to run), pre-commit all files, and triage any findings. - **GolangCI-Lint (CRITICAL)**: Always run VS Code task "Lint: GolangCI-Lint (Docker)" - NOT "Lint: Go Vet". The Go Vet task only runs `go vet` which misses gocritic, bodyclose, and other linters that CI runs. GolangCI-Lint in Docker ensures parity with CI. - - When creating tests, if there are folders that don't require testing make sure to update `codecov.yml` to exclude them from coverage reports or this throws off the difference between local and CI coverage. + - Prefer fixing patch coverage with tests. Only adjust `.codecov.yml` ignores when code is truly non-production (e.g., test-only helpers), and document why. - **Cleanup**: If the test was temporary, delete it. If it's valuable, keep it. diff --git a/.github/agents/Supervisor.agent.md b/.github/agents/Supervisor.agent.md index 18b77948..a13031bd 100644 --- a/.github/agents/Supervisor.agent.md +++ b/.github/agents/Supervisor.agent.md 
@@ -15,6 +15,7 @@ You ensure that plans are robust, data contracts are sound, and best practices a - **Socratic Guardrails**: If an agent proposes a risky shortcut (e.g., skipping validation), do not correct the code. Instead, ask: "How does this approach affect our data integrity long-term?" - **Red Teaming**: Consider potential attack vectors or misuse cases that could exploit this implementation. Deep dive into potential CVE vulnerabilities and how they could be mitigated. - **Plan Completeness**: Does the plan cover all edge cases? Are there any missing components or unclear requirements? + - **Patch Coverage Completeness**: If coverage is in scope, does the plan include Codecov Patch missing/partial line ranges and the exact tests needed to execute them? - **Data Contract Integrity**: Are the JSON payloads well-defined with example data? Do they align with best practices for API design? - **Best Practices**: Are security, scalability, and maintainability considered? Are there any risky shortcuts proposed? - **Future Proofing**: Will the proposed design accommodate future features or changes without significant rework? diff --git a/.github/instructions/copilot-instructions.md b/.github/instructions/copilot-instructions.md index f8508856..0fec2ab5 100644 --- a/.github/instructions/copilot-instructions.md +++ b/.github/instructions/copilot-instructions.md 
@@ -108,7 +108,7 @@ Before marking an implementation task as complete, perform the following in orde - Do not output code that violates pre-commit standards. 3. **Coverage Testing** (MANDATORY - Non-negotiable): - - **MANDATORY**: Patch coverage must cover 100% of new/modified code. This prevents CodeCov Report failing CI. + - **MANDATORY**: Patch coverage must cover 100% of modified lines (Codecov Patch view must be green). If patch coverage fails, add targeted tests for the missing patch line ranges. - **Backend Changes**: Run the VS Code task "Test: Backend with Coverage" or execute `scripts/go-test-coverage.sh`. - Minimum coverage: 85% (set via `CHARON_MIN_COVERAGE` or `CPM_MIN_COVERAGE`). - If coverage drops below threshold, write additional tests to restore coverage. diff --git a/.github/instructions/taming-copilot.instructions.md b/.github/instructions/taming-copilot.instructions.md index 82847ac1..e5d63d35 100644 --- a/.github/instructions/taming-copilot.instructions.md +++ b/.github/instructions/taming-copilot.instructions.md @@ -24,6 +24,7 @@ This section outlines the absolute order of operations. These rules have the hig - **Standard First**: Heavily favor standard library functions and widely accepted, common programming patterns. Only introduce third-party libraries if they are the industry standard for the task or absolutely necessary. - **Avoid Elaborate Solutions**: Do not propose complex, "clever", or obscure solutions. Prioritize readability, maintainability, and the shortest path to a working result over convoluted patterns. - **Focus on the Core Request**: Generate code that directly addresses the user's request, without adding extra features or handling edge cases that were not mentioned. +- **Spec Hygiene**: When asked to update a plan/spec file, do not append unrelated/archived plans; keep it strictly scoped to the current task. ## Surgical Code Modification 
diff --git a/.github/instructions/testing.instructions.md b/.github/instructions/testing.instructions.md index a36e050f..76a97630 100644 --- a/.github/instructions/testing.instructions.md +++ b/.github/instructions/testing.instructions.md @@ -16,3 +16,5 @@ description: 'Strict protocols for test execution, debugging, and coverage valid ## 3. Coverage & Completion * **Coverage Gate:** A task is not "Complete" until a coverage report is generated. * **Threshold Compliance:** You must compare the final coverage percentage against the project's threshold (Default: 85% unless specified otherwise). If coverage drops, you must identify the "uncovered lines" and add targeted tests. +* **Patch Coverage Gate (Codecov):** If production code is modified, Codecov **patch coverage must be 100%** for the modified lines. Do not relax thresholds; add targeted tests. +* **Patch Triage Requirement:** Plans must include the exact missing/partial patch line ranges copied from Codecov’s **Patch** view.
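
Review bot: In `.github/agents/Backend_Dev.agent.md` (hunk `@@ -44,7 +44,7`), the rewritten Coverage bullet drops the sentence "This is NOT run by pre-commit automatically", which was the only line in this checklist saying pre-commit does not cover the step. Keep that sentence next to the new Codecov wording. The bullet also asks for the Codecov Patch view to be green, while the two options listed under it (the VS Code task and `scripts/go-test-coverage.sh`) are local runs. State where the agent is expected to read the Patch view, or which local check stands in for it.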
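
Review bot: In `.github/agents/Frontend_Dev.agent.md` (hunk `@@ -53,6 +53,7`), the added bullet gives the frontend agent a different instruction from the one the backend agent gets in this same patch. Backend is told to "confirm Codecov Patch view is green for modified lines", frontend only to act "If patch coverage fails". Use the same sentence in both files so the two gates cannot be read differently. The new line also spells the service "Codecov" while the unchanged line directly above it says "CodeCov Report"; pick one spelling.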
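
Review bot: In `.github/agents/QA_Security.agent.md` (hunk `@@ -31,7 +31,7`), the config file name changes from `codecov.yml` in the removed line to `.codecov.yml` in the added line with nothing in the hunk explaining the rename. Confirm which file the repository actually uses, since an agent editing the wrong one changes nothing in CI. "document why" also needs a location: an ignore entry takes code out of the patch gate, so require the justification as a comment beside the entry in that file, where it appears in the same diff a reviewer sees.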
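
Review bot: In `.github/agents/Supervisor.agent.md` (hunk `@@ -15,6 +15,7`), the condition "If coverage is in scope" on the new Patch Coverage Completeness bullet is undefined and leaves the check optional at the supervisor's discretion. The `testing.instructions.md` hunk in this patch uses a concrete trigger, "If production code is modified"; reuse that wording here so the supervisor review and the testing protocol fire under the same condition.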
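
Review bot: In `.github/instructions/copilot-instructions.md` (hunk `@@ -108,7 +108,7`), the MANDATORY line narrows the scope from "new/modified code" to "modified lines" and drops the rationale "This prevents CodeCov Report failing CI", while `Backend_Dev.agent.md` and `Frontend_Dev.agent.md` keep the old sentence unchanged as context in their hunks. The same rule now exists in two wordings. Either update all three files to the new sentence or keep "new/modified" here, so that newly added lines are clearly inside the 100% requirement.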
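
Review bot: In `.github/instructions/testing.instructions.md` (hunk `@@ -16,3 +16,5`), the Patch Triage Requirement is unconditional ("Plans must include the exact missing/partial patch line ranges"), but those ranges exist only after a coverage report shows a patch failure. Condition it, for example "When patch coverage is below 100%, plans must include ...". The preceding bullet's "Do not relax thresholds" should also say how it relates to the `.codecov.yml` ignore exception this patch adds in `QA_Security.agent.md`; as written, an agent can read the two as contradictory. The curly apostrophe in `Codecov’s` is the only non-ASCII character in the added lines and is worth replacing with a plain one.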