chore: add local patch coverage preflight instructions before unit tests across multiple agent and instruction files

2026-02-17 14:07:19 +00:00
parent b9bb14694f
commit 0fdaa3fef3
6 changed files with 60 additions and 18 deletions
--- a/.github/agents/Backend_Dev.agent.md
+++ b/.github/agents/Backend_Dev.agent.md
@@ -49,6 +49,9 @@ Your priority is writing code that is clean, tested, and secure by default.
    - Run `go mod tidy`.
    - Run `go fmt ./...`.
    - Run `go test ./...` to ensure no regressions.
+    - **Local Patch Coverage Preflight (MANDATORY)**: Run VS Code task `Test: Local Patch Report` or `bash scripts/local-patch-report.sh` before backend coverage runs.
+        - Ensure artifacts exist: `test-results/local-patch-report.md` and `test-results/local-patch-report.json`.
+        - Use the file-level coverage gap list to target tests before final coverage validation.
    - **Coverage (MANDATORY)**: Run the coverage task/script explicitly and confirm Codecov Patch view is green for modified lines.
        - **MANDATORY**: Patch coverage must cover 100% of new/modified code. This prevents CodeCov Report failing CI.
        - **VS Code Task**: Use "Test: Backend with Coverage" (recommended)
--- a/.github/agents/Frontend_Dev.agent.md
+++ b/.github/agents/Frontend_Dev.agent.md
@@ -40,6 +40,9 @@ You are a SENIOR REACT/TYPESCRIPT ENGINEER with deep expertise in:
   - Add proper error boundaries and loading states

 3. **Testing**:
+   - **Run local patch preflight first**: Execute VS Code task `Test: Local Patch Report` or `bash scripts/local-patch-report.sh` before unit/coverage test runs.
+   - Confirm artifacts exist: `test-results/local-patch-report.md` and `test-results/local-patch-report.json`.
+   - Use the report's file-level uncovered list to prioritize frontend test additions.
   - Write unit tests with Vitest and Testing Library
   - Cover edge cases and error states
   - Run tests with `npm test` in `frontend/` directory
--- a/.github/agents/Management.agent.md
+++ b/.github/agents/Management.agent.md
@@ -144,20 +144,25 @@ The task is not complete until ALL of the following pass with zero issues:
    - **Base URL**: Uses `PLAYWRIGHT_BASE_URL` or default from `playwright.config.js`
    - All E2E tests must pass before proceeding to unit tests

-2. **Coverage Tests (MANDATORY - Verify Explicitly)**:
+2. **Local Patch Coverage Preflight (MANDATORY - Before Unit/Coverage Tests)**:
+    - Ensure the local patch report is run first via VS Code task `Test: Local Patch Report` or `bash scripts/local-patch-report.sh`.
+    - Verify both artifacts exist: `test-results/local-patch-report.md` and `test-results/local-patch-report.json`.
+    - Use this report to identify changed files needing coverage before running backend/frontend coverage suites.
+
+3. **Coverage Tests (MANDATORY - Verify Explicitly)**:
    - **Backend**: Ensure `Backend_Dev` ran VS Code task "Test: Backend with Coverage" or `scripts/go-test-coverage.sh`
    - **Frontend**: Ensure `Frontend_Dev` ran VS Code task "Test: Frontend with Coverage" or `scripts/frontend-test-coverage.sh`
    - **Why**: These are in manual stage of pre-commit for performance. Subagents MUST run them via VS Code tasks or scripts.
    - Minimum coverage: 85% for both backend and frontend.
    - All tests must pass with zero failures.

-3. **Type Safety (Frontend)**:
+4. **Type Safety (Frontend)**:
    - Ensure `Frontend_Dev` ran VS Code task "Lint: TypeScript Check" or `npm run type-check`
    - **Why**: This check is in manual stage of pre-commit for performance. Subagents MUST run it explicitly.

-4. **Pre-commit Hooks**: Ensure `QA_Security` ran `pre-commit run --all-files` (fast hooks only; coverage was verified in step 2)
+5. **Pre-commit Hooks**: Ensure `QA_Security` ran `pre-commit run --all-files` (fast hooks only; coverage was verified in step 3)

-5. **Security Scans**: Ensure `QA_Security` ran the following with zero Critical or High severity issues:
+6. **Security Scans**: Ensure `QA_Security` ran the following with zero Critical or High severity issues:
   - **Trivy Filesystem Scan**: Fast scan of source code and dependencies
   - **Docker Image Scan (MANDATORY)**: Comprehensive scan of built Docker image
     - **Critical Gap**: This scan catches vulnerabilities that Trivy misses:
@@ -171,9 +176,9 @@ The task is not complete until ALL of the following pass with zero issues:
   - **CodeQL Scans**: Static analysis for Go and JavaScript
   - **QA_Security Requirements**: Must run BOTH Trivy and Docker Image scans, compare results, and block approval if image scan reveals additional vulnerabilities not caught by Trivy

-6. **Linting**: All language-specific linters must pass
+7. **Linting**: All language-specific linters must pass

-7: **Provide Detailed Commit Message**: Write a comprehensive commit message following the format and rules outlined in `.github/instructions/commit-message.instructions.md`. The message must be meaningful without viewing the diff and should explain the behavior changes, reasons for the change, and any important side effects or considerations.
+8: **Provide Detailed Commit Message**: Write a comprehensive commit message following the format and rules outlined in `.github/instructions/commit-message.instructions.md`. The message must be meaningful without viewing the diff and should explain the behavior changes, reasons for the change, and any important side effects or considerations.

 **Your Role**: You delegate implementation to subagents, but YOU are responsible for verifying they completed the Definition of Done. Do not accept "DONE" from a subagent until you have confirmed they ran coverage tests, type checks, and security scans explicitly.

--- a/.github/agents/QA_Security.agent.md
+++ b/.github/agents/QA_Security.agent.md
@@ -29,24 +29,29 @@ You are a QA AND SECURITY ENGINEER responsible for testing and vulnerability ass

 1. **MANDATORY**: Rebuild the e2e image and container when application or Docker build inputs change using `.github/skills/scripts/skill-runner.sh docker-rebuild-e2e`. Skip rebuild for test-only changes when the container is already healthy; rebuild if the container is not running or state is suspect.

-2. **Test Analysis**:
+2. **Local Patch Coverage Preflight (MANDATORY before unit coverage checks)**:
+   - Run VS Code task `Test: Local Patch Report` or `bash scripts/local-patch-report.sh` from repo root.
+   - Verify both artifacts exist: `test-results/local-patch-report.md` and `test-results/local-patch-report.json`.
+   - Use file-level uncovered changed-line output to drive targeted unit-test recommendations.
+
+3. **Test Analysis**:
   - Review existing test coverage
   - Identify gaps in test coverage
   - Review test failure outputs with `test_failure` tool

-3. **Security Scanning**:
+4. **Security Scanning**:
   - Run Trivy scans on filesystem and container images
   - Analyze vulnerabilities with `mcp_trivy_mcp_findings_list`
   - Prioritize by severity (CRITICAL > HIGH > MEDIUM > LOW)
   - Document remediation steps

-4. **Test Implementation**:
+5. **Test Implementation**:
   - Write unit tests for uncovered code paths
   - Write integration tests for API endpoints
   - Write E2E tests for user workflows
   - Ensure tests are deterministic and isolated

-5. **Reporting**:
+6. **Reporting**:
   - Document findings in clear, actionable format
   - Provide severity ratings and remediation guidance
   - Track security issues in `docs/security/`
--- a/.github/instructions/copilot-instructions.md
+++ b/.github/instructions/copilot-instructions.md
@@ -135,7 +135,13 @@ Before marking an implementation task as complete, perform the following in orde
    - **Base URL**: Uses `PLAYWRIGHT_BASE_URL` or default from `playwright.config.js`
    - All E2E tests must pass before proceeding to unit tests

-2. **Security Scans** (MANDATORY - Zero Tolerance):
+2. **Local Patch Coverage Preflight** (MANDATORY - Run Before Unit/Coverage Tests):
+    - **Run**: VS Code task `Test: Local Patch Report` or `bash scripts/local-patch-report.sh` from repo root.
+    - **Purpose**: Surface exact changed files and uncovered changed lines before adding/refining unit tests.
+    - **Required Artifacts**: `test-results/local-patch-report.md` and `test-results/local-patch-report.json`.
+    - **Expected Behavior**: Report may warn (non-blocking rollout), but artifact generation is mandatory.
+
+3. **Security Scans** (MANDATORY - Zero Tolerance):
    - **CodeQL Go Scan**: Run VS Code task "Security: CodeQL Go Scan (CI-Aligned)" OR `pre-commit run codeql-go-scan --all-files`
        - Must use `security-and-quality` suite (CI-aligned)
        - **Zero high/critical (error-level) findings allowed**
@@ -157,12 +163,12 @@ Before marking an implementation task as complete, perform the following in orde
        - Database creation: `--threads=0 --overwrite`
        - Analysis: `--sarif-add-baseline-file-info`

-3. **Pre-Commit Triage**: Run `pre-commit run --all-files`.
+4. **Pre-Commit Triage**: Run `pre-commit run --all-files`.
    - If errors occur, **fix them immediately**.
    - If logic errors occur, analyze and propose a fix.
    - Do not output code that violates pre-commit standards.

-4. **Staticcheck BLOCKING Validation**: Pre-commit hooks automatically run fast linters including staticcheck.
+5. **Staticcheck BLOCKING Validation**: Pre-commit hooks automatically run fast linters including staticcheck.
    - **CRITICAL:** Staticcheck errors are BLOCKING - you MUST fix them before commit succeeds.
    - Manual verification: Run VS Code task "Lint: Staticcheck (Fast)" or `make lint-fast`
    - To check only staticcheck: `make lint-staticcheck-only`
@@ -170,7 +176,7 @@ Before marking an implementation task as complete, perform the following in orde
    - If pre-commit fails: Fix the reported issues, then retry commit
    - **Do NOT** use `--no-verify` to bypass this check unless emergency hotfix

-5. **Coverage Testing** (MANDATORY - Non-negotiable):
+6. **Coverage Testing** (MANDATORY - Non-negotiable):
    - **Overall Coverage**: Minimum 85% coverage is MANDATORY and will fail the PR if not met.
    - **Patch Coverage**: Developers should aim for 100% coverage of modified lines (Codecov Patch view). If patch coverage is incomplete, add targeted tests. However, patch coverage is a suggestion and will not block PR approval.
    - **Backend Changes**: Run the VS Code task "Test: Backend with Coverage" or execute `scripts/go-test-coverage.sh`.
@@ -184,21 +190,21 @@ Before marking an implementation task as complete, perform the following in orde
    - **Critical**: Coverage tests are NOT run by default pre-commit hooks (they are in manual stage for performance). You MUST run them explicitly via VS Code tasks or scripts before completing any task.
    - **Why**: CI enforces coverage in GitHub Actions. Local verification prevents CI failures and maintains code quality.

-6. **Type Safety** (Frontend only):
+7. **Type Safety** (Frontend only):
    - Run the VS Code task "Lint: TypeScript Check" or execute `cd frontend && npm run type-check`.
    - Fix all type errors immediately. This is non-negotiable.
    - This check is also in manual stage for performance but MUST be run before completion.

-7. **Verify Build**: Ensure the backend compiles and the frontend builds without errors.
+8. **Verify Build**: Ensure the backend compiles and the frontend builds without errors.
    - Backend: `cd backend && go build ./...`
    - Frontend: `cd frontend && npm run build`

-8. **Fixed and New Code Testing**:
+9. **Fixed and New Code Testing**:
    - Ensure all existing and new unit tests pass with zero failures.
    - When failures and errors are found, deep-dive into root causes. Using the correct `subAgent`, update the working plan, review the implementation, and fix the issues.
    - No issue is out of scope for investigation and resolution. All issues must be addressed before task completion.

-9. **Clean Up**: Ensure no debug print statements or commented-out blocks remain.
+10. **Clean Up**: Ensure no debug print statements or commented-out blocks remain.
    - Remove `console.log`, `fmt.Println`, and similar debugging statements.
    - Delete commented-out code blocks.
    - Remove unused imports.
--- a/.github/instructions/testing.instructions.md
+++ b/.github/instructions/testing.instructions.md
@@ -8,6 +8,26 @@ description: 'Strict protocols for test execution, debugging, and coverage valid

 **MANDATORY**: Before running unit tests, verify the application UI/UX functions correctly end-to-end.

+## 0.5 Local Patch Coverage Preflight (Before Unit Tests)
+
+**MANDATORY**: After E2E and before backend/frontend unit coverage runs, generate a local patch report so uncovered changed lines are visible early.
+
+Run one of the following from `/projects/Charon`:
+
+```bash
+# Preferred (task)
+Test: Local Patch Report
+
+# Script
+bash scripts/local-patch-report.sh
+```
+
+Required artifacts:
+- `test-results/local-patch-report.md`
+- `test-results/local-patch-report.json`
+
+This preflight is advisory for thresholds during rollout, but artifact generation is required in DoD.
+
 ### PREREQUISITE: Start E2E Environment

 **CRITICAL**: Rebuild the E2E container when application or Docker build inputs change. If changes are test-only and the container is already healthy, reuse it. If the container is not running or state is suspect, rebuild.