chore: update coverage requirements and testing protocols across agent instructions and guidelines

.github/agents/Backend_Dev.agent.md

@@ -44,7 +44,7 @@ Your priority is writing code that is clean, tested, and secure by default.
     - Run `go mod tidy`.
     - Run `go fmt ./...`.
     - Run `go test ./...` to ensure no regressions.
-    - **Coverage (MANDATORY)**: Run the coverage script explicitly. This is NOT run by pre-commit automatically.
+    - **Coverage (MANDATORY)**: Run the coverage task/script explicitly and confirm Codecov Patch view is green for modified lines.
         - **MANDATORY**: Patch coverage must cover 100% of new/modified code. This prevents CodeCov Report failing CI.
         - **VS Code Task**: Use "Test: Backend with Coverage" (recommended)
         - **Manual Script**: Execute `/projects/Charon/scripts/go-test-coverage.sh` from the root directory

.github/agents/Frontend_Dev.agent.md

@@ -53,6 +53,7 @@ You do not just "make it work"; you make it **feel** professional, responsive, a
         - Run `npm run test:ci`.
     - **Gate 3: Coverage (MANDATORY)**:
         - **MANDATORY**: Patch coverage must cover 100% of new/modified code. This prevents CodeCov Report failing CI.
+        - If patch coverage fails, identify missing patch line ranges in Codecov Patch view and add targeted tests.
         - **VS Code Task**: Use "Test: Frontend with Coverage" (recommended)
         - **Manual Script**: Execute `/projects/Charon/scripts/frontend-test-coverage.sh` from the root directory
         - **Minimum**: 85% coverage (configured via `CHARON_MIN_COVERAGE` or `CPM_MIN_COVERAGE`)

.github/agents/QA_Security.agent.md

@@ -31,7 +31,7 @@ Your job is to act as an ADVERSARY. The Developer says "it works"; your job is t
     - **Creation**: Write a new test file (e.g., `internal/api/tests/audit_test.go`) to test the *flow*.
     - **Run**: Execute `.github/skills`, `go test ./internal/api/tests/...` (or specific path). Run local CodeQL and Trivy scans (they are built as VS Code Tasks so they just need to be triggered to run), pre-commit all files, and triage any findings.
         - **GolangCI-Lint (CRITICAL)**: Always run VS Code task "Lint: GolangCI-Lint (Docker)" - NOT "Lint: Go Vet". The Go Vet task only runs `go vet` which misses gocritic, bodyclose, and other linters that CI runs. GolangCI-Lint in Docker ensures parity with CI.
-        - When creating tests, if there are folders that don't require testing make sure to update `codecov.yml` to exclude them from coverage reports or this throws off the difference between local and CI coverage.
+        - Prefer fixing patch coverage with tests. Only adjust `.codecov.yml` ignores when code is truly non-production (e.g., test-only helpers), and document why.
     - **Cleanup**: If the test was temporary, delete it. If it's valuable, keep it.
 </workflow>
 

.github/agents/Supervisor.agent.md

@@ -15,6 +15,7 @@ You ensure that plans are robust, data contracts are sound, and best practices a
       -  **Socratic Guardrails**: If an agent proposes a risky shortcut (e.g., skipping validation), do not correct the code. Instead, ask: "How does this approach affect our data integrity long-term?"
       -  **Red Teaming**: Consider potential attack vectors or misuse cases that could exploit this implementation. Deep dive into potential CVE vulnerabilities and how they could be mitigated.
       -   **Plan Completeness**: Does the plan cover all edge cases? Are there any missing components or unclear requirements?
+      -   **Patch Coverage Completeness**: If coverage is in scope, does the plan include Codecov Patch missing/partial line ranges and the exact tests needed to execute them?
       -   **Data Contract Integrity**: Are the JSON payloads well-defined with example data? Do they align with best practices for API design?
       -   **Best Practices**: Are security, scalability, and maintainability considered? Are there any risky shortcuts proposed?
       -   **Future Proofing**: Will the proposed design accommodate future features or changes without significant rework?