akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity
Files
697ef6d2007cea8d24a7027240fe4dcc0792e4f7
Charon/docs/plans/current_spec.md
GitHub Actions 697ef6d200 feat: implement comprehensive test optimization 
- Add gotestsum for real-time test progress visibility
- Parallelize 174 tests across 14 files for faster execution
- Add -short mode support skipping 21 heavy integration tests
- Create testutil/db.go helper for future transaction rollbacks
- Fix data race in notification_service_test.go
- Fix 4 CrowdSec LAPI test failures with permissive validator

Performance improvements:
- Tests now run in parallel (174 tests with t.Parallel())
- Quick feedback loop via -short mode
- Zero race conditions detected
- Coverage maintained at 87.7%

Closes test optimization initiative
2026-01-03 19:42:53 +00:00

7.7 KiB
Raw Blame History

Charon Feature & Remediation Tracker

Last Updated: January 3, 2026

This document serves as the central index for all active plans, implementation specs, and outstanding work items.

0. Test Coverage Remediation (ACTIVE)

Status: 🔴 IN PROGRESS Priority: CRITICAL - Blocking PR merge Target: Patch coverage from 84.85% → 85%+

Coverage Gap Analysis

File Patch % Missing Priority Agent
backend/internal/utils/url_testing.go 74.83% 38 lines 🔴 P0 Backend_Dev
backend/internal/services/dns_provider_service.go 78.26% 35 lines 🔴 P0 Backend_Dev
backend/internal/network/internal_service_client.go 0.00% 14 lines 🔴 P0 Backend_Dev
backend/internal/security/url_validator.go 77.55% 11 lines 🟡 P1 Backend_Dev
backend/internal/crypto/encryption.go 74.35% 10 lines 🟡 P1 Backend_Dev
backend/internal/services/notification_service.go 66.66% 8 lines 🟡 P1 Backend_Dev
backend/internal/api/handlers/crowdsec_handler.go 82.85% 6 lines 🟢 P2 Backend_Dev
backend/internal/api/handlers/dns_provider_handler.go 98.30% 5 lines 🟢 P2 Backend_Dev
backend/internal/services/uptime_service.go 85.71% 3 lines 🟢 P2 Backend_Dev
frontend/src/components/DNSProviderSelector.tsx 86.36% 3 lines 🟢 P2 Frontend_Dev

Full Remediation Plan: test-coverage-remediation-plan.md

Quick Reference: Test Files to Create/Modify

New Test File Target
backend/internal/network/internal_service_client_test.go +14 lines
backend/internal/utils/url_testing_coverage_test.go +15-20 lines
frontend/src/components/__tests__/DNSProviderSelector.test.tsx +3 lines
Existing Test File to Extend Target
backend/internal/services/dns_provider_service_test.go +15-18 lines
backend/internal/security/url_validator_test.go +8-10 lines
backend/internal/crypto/encryption_test.go +8-10 lines
backend/internal/services/notification_service_test.go +6-8 lines
backend/internal/api/handlers/crowdsec_handler_test.go +5-6 lines

1. SSRF Remediation

Status: 🔴 IN PROGRESS

The authoritative, Supervisor-updated SSRF plan is:

Merge Policy (Supervisor requirement)

  • The global CodeQL exclusion for go/request-forgery in .github/codeql/codeql-config.yml must be removed in the same PR/merge as the underlying SSRF fixes.
  • Phase 0 can include local-only recon (e.g., temporary local edit of CodeQL config to surface findings), but must not be a mergeable intermediate state.

SSRF Call Sites (Current Known)

Location Function File
Uptime Monitor (*UptimeService).checkMonitor uptime_service.go
CrowdSec LAPI GetLAPIDecisions, CheckLAPIHealth crowdsec_handler.go
Caddy Admin API NewClient, Load/GetConfig/Ping client.go
URL Connectivity Test utils.TestURLConnectivity url_testing.go

2. DNS Provider Feature (Issue #21)

Core Implementation

Status: COMPLETE

All core components implemented:

Layer Component Status
Backend Encryption Service (crypto/encryption.go) Complete
Backend DNSProvider Model Complete
Backend DNS Provider Service Complete
Backend DNS Provider Handler Complete
Backend Routes Registered Complete
Backend Caddy DNS-01 Integration Complete
Frontend API Client & Hooks Complete
Frontend DNS Providers Page & Form Complete
Frontend ProxyHost Integration Complete
Frontend Translations Complete

Acceptance Criteria Verification

Criterion Status
Users can add, edit, delete, and test DNS provider configurations Implemented
Credentials encrypted at rest using AES-256-GCM Implemented
Credentials never exposed in API responses Implemented (json:"-")
Proxy hosts with wildcard domains can select a DNS provider Implemented
Caddy successfully obtains wildcard certificates via DNS-01 Implemented
Backend unit test coverage ≥ 85% 85.2% (verified 2026-01-03)
Frontend unit test coverage ≥ 85% 87.8% (verified 2026-01-03)
User documentation completed Complete (5 provider guides)
All translations added Complete

Verification Results (2026-01-03)

Check Result
Backend Coverage 85.2% (threshold: 85%)
Frontend Coverage 87.8% (threshold: 85%)
Security Scan (Trivy) 0 Critical, 0 High
Security Scan (govulncheck) 0 vulnerabilities
Pre-commit Hooks All 11 hooks passed
CHANGELOG Entry exists in [Unreleased]

Outstanding Items (Pre-Merge)

  • Run backend coverage report85.2%
  • Run frontend coverage report87.8%
  • Complete Google Cloud DNS setup guide — Created
  • Complete Azure DNS setup guide — Created
  • Manual E2E validation: DNS provider → wildcard proxy → certificate issued
  • CHANGELOG entry for DNS provider feature — Already present
  • Security scans (Trivy, govulncheck) — Passed

Future Enhancements

Status: 📋 PLANNING

Priority Feature Est. Time Status
P0 Audit Logging for Credential Operations 8-12 hrs Not Started
P1 Key Rotation Automation 16-20 hrs Not Started
P1 Multi-Credential per Provider (Zone-Specific) 12-16 hrs Not Started
P2 DNS Provider Auto-Detection 6-8 hrs Not Started
P3 Custom DNS Provider Plugins 20-24 hrs Not Started

Recommended Implementation Order:

  1. Audit Logging (Security/Compliance baseline for SOC 2, GDPR, HIPAA)
  2. Key Rotation (Security hardening, annual rotation support)
  3. Multi-Credential (Enterprise/MSP multi-tenancy)
  4. Auto-Detection (UX improvement)
  5. Custom Plugins (Extensibility for power users)

3. Related Documents (Index)

Document Description
patch-coverage-codecov.md Codecov patch coverage plan
codeql-local-hygiene.md CodeQL/Trivy local scan hygiene notes
dns_providers_IMPLEMENTATION.md DNS provider full implementation spec
dns_challenge_future_features.md DNS challenge future enhancements plan

4. Definition of Done (All Features)

Before any feature is considered complete:

  • Backend unit test coverage ≥ 85%
  • Frontend unit test coverage ≥ 85%
  • TypeScript check passes (npm run type-check)
  • Pre-commit hooks pass (pre-commit run --all-files)
  • CodeQL scans: zero Critical/High issues
  • Trivy scans: zero Critical/High vulnerabilities
  • All linters pass
  • Documentation updated
  • CHANGELOG updated
Reference in New Issue View Git Blame Copy Permalink