- Implement tests for BackupService to handle database extraction from backup archives with SHM and WAL entries.
- Add tests for BackupService to validate behavior when creating backups for non-SQLite databases and handling oversized database entries.
- Introduce tests for CrowdSec startup to ensure proper error handling during configuration creation.
- Enhance LogService tests to cover scenarios for skipping dot and empty directories and handling read directory errors.
- Add tests for SecurityHeadersService to ensure proper error handling during preset creation and updates.
- Update ProxyHostForm tests to include HSTS subdomains toggle and validation for port input handling.
- Enhance DNSProviders tests to validate manual challenge completion and error handling when no providers are available.
- Extend UsersPage tests to ensure fallback mechanisms for clipboard operations when the clipboard API fails.
- Implemented a new script `local-patch-report.sh` to generate a local patch report.
- The report computes patch coverage based on changes from the current branch against `origin/main`.
- Integrated backend and frontend coverage inputs, producing both Markdown and JSON output artifacts.
- Updated existing frontend coverage script to validate the presence of LCOV coverage file.
- Added tests for coverage computation and parsing of unified diffs for changed lines.
- Enhanced error handling and validation for coverage inputs and baseline references.
- Implemented SystemPermissionsHandler to check and repair file permissions.
- Added endpoints for retrieving and repairing permissions.
- Introduced utility functions for permission checks and error mapping.
- Created tests for the new handler and utility functions.
- Updated routes to include the new permissions endpoints.
- Enhanced configuration to support new logging and plugin directories.
- Updated `crowdsec_handler.go` to log inaccessible paths during config export and handle permission errors gracefully.
- Modified `emergency_handler.go` to clear admin whitelist during security reset and ensure proper updates to security configurations.
- Enhanced user password update functionality in `user_handler.go` to reset failed login attempts and lockout status.
- Introduced rate limiting middleware in `cerberus` to manage request rates and prevent abuse, with comprehensive tests for various scenarios.
- Added validation for proxy host entries in `proxyhost_service.go` to ensure valid hostnames and IP addresses, including tests for various cases.
- Improved IP matching logic in `whitelist.go` to support both IPv4 and IPv6 loopback addresses.
- Updated configuration loading in `config.go` to include rate limiting parameters from environment variables.
- Added tests for new functionalities and validations to ensure robustness and reliability.
Phase 3 coverage improvement campaign achieved primary objectives
within budget, bringing all critical code paths above quality thresholds
while identifying systemic infrastructure limitations for future work.
Backend coverage increased from 83.5% to 84.2% through comprehensive
test suite additions spanning cache invalidation, configuration parsing,
IP canonicalization, URL utilities, and token validation logic. All five
targeted packages now exceed 85% individual coverage, with the remaining
gap attributed to intentionally deferred packages outside immediate scope.
Frontend coverage analysis revealed a known compatibility conflict between
jsdom and undici WebSocket implementations preventing component testing of
real-time features. Created comprehensive test suites totaling 458 cases
for security dashboard components, ready for execution once infrastructure
upgrade completes. Current 84.25% coverage sufficiently validates UI logic
and API interactions, with E2E tests providing WebSocket feature coverage.
Security-critical modules (cerberus, crypto, handlers) all exceed 86%
coverage. Patch coverage enforcement remains at 85% for all new code.
QA security assessment classifies current risk as LOW, supporting
production readiness.
Technical debt documented across five prioritized issues for next sprint,
with test infrastructure upgrade (MSW v2.x) identified as highest value
improvement to unlock 15-20% additional coverage potential.
All Phase 1-3 objectives achieved:
- CI pipeline unblocked via split browser jobs
- Root cause elimination of 91 timeout anti-patterns
- Coverage thresholds met for all priority code paths
- Infrastructure constraints identified and mitigation planned
Related to: #609 (E2E Test Triage and Beta Release Preparation)
- Created a comprehensive runbook for emergency token rotation, detailing when to rotate, prerequisites, and step-by-step procedures.
- Included methods for generating secure tokens, updating configurations, and verifying new tokens.
- Added an automation script for token rotation to streamline the process.
- Implemented compliance checklist and troubleshooting sections for better guidance.
test: Implement E2E tests for emergency server and token functionality
- Added tests for the emergency server to ensure it operates independently of the main application.
- Verified that the emergency server can bypass security controls and reset security settings.
- Implemented tests for emergency token validation, rate limiting, and audit logging.
- Documented expected behaviors for emergency access and security enforcement.
refactor: Introduce security test fixtures for better test management
- Created a fixtures file to manage security-related test data and functions.
- Included helper functions for enabling/disabling security modules and testing emergency access.
- Improved test readability and maintainability by centralizing common logic.
test: Enhance emergency token tests for robustness and coverage
- Expanded tests to cover various scenarios including token validation, rate limiting, and idempotency.
- Ensured that emergency token functionality adheres to security best practices.
- Documented expected behaviors and outcomes for clarity in test results.
- Implemented `useManualChallenge`, `useChallengePoll`, and `useManualChallengeMutations` hooks for managing manual DNS challenges.
- Created tests for the `useManualChallenge` hooks to ensure correct fetching and mutation behavior.
- Added `ManualDNSChallenge` component for displaying challenge details and actions.
- Developed end-to-end tests for the Manual DNS Provider feature, covering provider selection, challenge UI, and accessibility compliance.
- Included error handling tests for verification failures and network errors.
- Implement DNSProviderCard component for displaying individual DNS provider details.
- Create DNSProviderForm component for adding and editing DNS providers.
- Add DNSProviderSelector component for selecting DNS providers in forms.
- Introduce useDNSProviders hook for fetching and managing DNS provider data.
- Add DNSProviders page for listing and managing DNS providers.
- Update layout to include DNS Providers navigation.
- Enhance UI components with new badge styles and improved layouts.
- Add default provider schemas for various DNS providers.
- Integrate translation strings for DNS provider management.
- Update Vite configuration for improved chunking and performance.
- Created `qa-test-output-after-fix.txt` and `qa-test-output.txt` to log results of certificate page authentication tests.
- Added `build.sh` for deterministic backend builds in CI, utilizing `go list` for efficiency.
- Introduced `codeql_scan.sh` for CodeQL database creation and analysis for Go and JavaScript/TypeScript.
- Implemented `dockerfile_check.sh` to validate Dockerfiles for base image and package manager mismatches.
- Added `sourcery_precommit_wrapper.sh` to facilitate Sourcery CLI usage in pre-commit hooks.
- Added a test case in CrowdSecConfig to show improved error message when preset is not cached.
- Introduced a new test suite for the Dashboard component, verifying counts and health status.
- Updated SMTPSettings tests to utilize a shared render function and added tests for backend validation errors.
- Modified Security.audit tests to improve input handling and removed redundant export failure test.
- Refactored Security tests to remove export functionality and ensure correct rendering of components.
- Enhanced UsersPage tests with new scenarios for updating user permissions and manual invite link flow.
- Created a new utility for rendering components with a QueryClient and MemoryRouter for better test isolation.
- Updated go-test-coverage script to improve error handling and coverage reporting.
- Implemented Settings page for changing user passwords with validation and feedback.
- Created Setup page for initial admin account setup with form handling and navigation.
- Added API service layer for handling requests related to proxy hosts, remote servers, and import functionality.
- Introduced mock data for testing purposes and set up testing framework with vitest.
- Configured Tailwind CSS for styling and Vite for development and build processes.
- Added scripts for Dockerfile validation, Python syntax checking, and Sourcery integration.
- Implemented release and coverage scripts for better CI/CD practices.
- Deleted Settings.tsx and Setup.tsx pages, which included functionality for changing passwords and setting up an admin account.
- Removed associated test files for Setup page.
- Eliminated API service definitions related to proxy hosts, remote servers, import functionality, and health checks.
- Cleaned up mock data and test setup files.
- Removed configuration files for TypeScript, Vite, and Tailwind CSS.
- Deleted scripts for testing coverage, release management, Dockerfile validation, and Python compilation checks.
- Removed Sourcery pre-commit wrapper script.
- Deleted Caddy configuration types and validation logic from the backend.
- Removed associated test files for validation.
- Cleaned up related service and model files that are no longer needed.
- Removed unnecessary environment configuration and database connection code.
- Eliminated unused models related to access control, SSL certificates, and user management.
- Cleaned up node modules by removing unnecessary binaries.
- Implemented Issue #9: User Authentication & Authorization
- Added User model fields (FailedLoginAttempts, LockedUntil, LastLogin)
- Created AuthService with JWT support, bcrypt hashing, and account lockout
- Added AuthMiddleware and AuthHandler
- Registered auth routes in backend
- Created AuthContext and RequireAuth component in frontend
- Implemented Login page and integrated with backend
- Fixed 'Blank Page' issue in local Docker environment
- Added QueryClientProvider to main.tsx
- Installed missing lucide-react dependency
- Fixed TypeScript linting errors in SetupGuard.tsx
- Updated docker-entrypoint.sh to use 127.0.0.1 for reliable Caddy checks
- Verified with local Docker build
