akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 8 Packages Projects Releases Wiki Activity
Files
efbbf46a7a15c98cd643b91fe7fb5c8c86b41d48
Charon/docs/reports/qa_report.md
GitHub Actions c68804d37e feat: migrate from shoutrr to notfy
2026-02-19 22:50:05 +00:00

5.5 KiB
Raw Blame History

QA/Security Validation Report - Current Branch

Date: 2026-02-19 Repository: /projects/Charon Workflow: Required QA/security gate sequence (E2E-first, coverage, pre-commit, security scans)

Gate Results (Latest Run)

# Gate Command(s) Status Evidence / Artifacts
1 Determine E2E rebuild requirement + rebuild if needed git diff context via changed files + Task Docker: Rebuild E2E Environment + docker inspect health check PASS Rebuild required because branch modifies runtime inputs (backend/**, frontend/**). Rebuild executed; charon-e2e is healthy.
2a Required Playwright targeted suite (changed area) PLAYWRIGHT_HTML_OPEN=never npx playwright test --config /projects/Charon/playwright.config.js /projects/Charon/tests/settings/notifications.spec.ts --project=firefox FAIL 25 passed, 2 failed in tests/settings/notifications.spec.ts: (1) should enable/disable provider timeout due click interception/out-of-viewport on security-notifications-enabled; (2) should show preview error for invalid template matched hidden Error option instead of visible error feedback.
2b Security-project equivalent (firefox excludes security folder) PLAYWRIGHT_HTML_OPEN=never npx playwright test --config /projects/Charon/playwright.config.js /projects/Charon/tests/security-enforcement/zzz-security-ui/system-security-settings.spec.ts --project=security-tests FAIL 20 passed, 1 failed: should save general settings successfully expected success toast (toast-success/status role) not visible within timeout.
3 Local patch coverage preflight + artifact verification bash /projects/Charon/scripts/local-patch-report.sh + artifact ls verification FAIL (artifacts present) Script exits with Error: frontend coverage input missing at /projects/Charon/frontend/coverage/lcov.info. Required artifacts are still generated in warn/input-missing mode: test-results/local-patch-report.md, test-results/local-patch-report.json.
4a Backend coverage >=85% CHARON_ENCRYPTION_KEY=<generated> /projects/Charon/.github/skills/scripts/skill-runner.sh test-backend-coverage PASS Backend coverage gate passed. Summary: statements 87.0%, lines 87.3% (min 85%).
4b Frontend coverage >=85% /projects/Charon/.github/skills/scripts/skill-runner.sh test-frontend-coverage FAIL Test run failed before gate completion: src/pages/__tests__/Security.functional.test.tsx test should disable Notifications button when Cerberus is disabled expects disabled button but button is enabled.
5 Frontend type-check cd /projects/Charon/frontend && npm run type-check PASS tsc --noEmit completed without TypeScript errors.
6 Pre-commit all files pre-commit run --all-files PASS Initial runs auto-fixed trailing whitespace (docs/plans/current_spec.md, then docs/reports/qa_report.md); subsequent rerun completed with all hooks passing.
7a Trivy filesystem scan /projects/Charon/.github/skills/scripts/skill-runner.sh security-scan-trivy PASS Summary: 0 vulnerabilities, 0 secrets across scanned targets (backend/go.mod, frontend/package-lock.json, package-lock.json, playwright/.auth/user.json).
7b Docker image scan Task Security: Scan Docker Image (Local) PASS Grype summary: 0 critical, 0 high, 9 medium, 4 low (total 13). Output notes non-blocking medium/low only.
7c CodeQL Go (CI-aligned) Task Security: CodeQL Go Scan (CI-Aligned) [~60s] PASS Completed, extraction parity OK (compiled baseline=178, extracted=178), SARIF generated: codeql-results-go.sarif.
7d CodeQL JS (CI-aligned) bash scripts/pre-commit-hooks/codeql-js-scan.sh (from repo root after stale DB cleanup) PASS Completed; CodeQL scanned 346/346 JS/TS files. SARIF generated: codeql-results-js.sarif.
7e CodeQL findings gate pre-commit run --hook-stage manual codeql-check-findings --all-files PASS Hook output: no HIGH/CRITICAL findings in Go or JS SARIF.

Exact Failing Commands + Root Cause

  1. Playwright notifications suite Command: PLAYWRIGHT_HTML_OPEN=never npx playwright test --config /projects/Charon/playwright.config.js /projects/Charon/tests/settings/notifications.spec.ts --project=firefox Root cause: two failing assertions in suite (setChecked click interception/viewport issue; hidden text match in invalid-template error assertion).

  2. Playwright security-project suite Command: PLAYWRIGHT_HTML_OPEN=never npx playwright test --config /projects/Charon/playwright.config.js /projects/Charon/tests/security-enforcement/zzz-security-ui/system-security-settings.spec.ts --project=security-tests Root cause: success toast not visible after settings save in system-security-settings.spec.ts.

  3. Local patch preflight Command: bash /projects/Charon/scripts/local-patch-report.sh Root cause: required frontend LCOV input missing (frontend/coverage/lcov.info); report emitted in input-missing warning mode.

  4. Frontend coverage gate Command: /projects/Charon/.github/skills/scripts/skill-runner.sh test-frontend-coverage Root cause: failing frontend test in Security.functional.test.tsx (Notifications button disable expectation no longer matches current UI behavior).

Final Verdict

  • Overall Result: FAIL
  • Blocking failed gates: 2a, 2b, 3, 4b
  • Security scan status: Trivy PASS, Docker image scan PASS (no high/critical), CodeQL Go/JS PASS, CodeQL findings gate PASS
Reference in New Issue View Git Blame Copy Permalink