# Test Coverage Baseline Generated for chunk 038 on 2026-05-10. ## Summary The repository has a useful validation skeleton: backend unit tests, backend e2e tests, one frontend component test, runtime smoke, shell scenario tests for AI workflow helpers, and format/lint/build/codegen commands. The main risk is uneven behavioral coverage: backend auth/users have focused tests, but frontend UI flows, generated GraphQL operation behavior, local package behavior, and workflow helper edge cases are still lightly covered. ## Existing Test Commands Root scripts: - `yarn test`: runs backend and frontend tests. - `yarn test:backend`: runs backend Jest unit tests. - `yarn test:frontend`: runs frontend Angular/Vitest tests. - `yarn smoke:runtime`: starts backend/frontend and verifies health, frontend HTTP 200, users query, create smoke user, login, currentUser, and cleanup. - `ai/commands/validate.sh`: runs codegen, lint, format check, package build, backend build, frontend build, backend tests, backend e2e, and frontend tests. Backend scripts: - `yarn workspace backend test` - `yarn workspace backend test:e2e` - `yarn workspace backend test:cov` - `yarn workspace backend cleanup:smoke-users` Frontend scripts: - `yarn workspace frontend test` Workflow/tooling commands: - `ai/commands/workflow-scenarios-test.sh` - `ai/commands/workflow-state-scenarios-test.sh` - `ai/tools/telegram/test/lib-test.sh` - `ai/tools/telegram/test/bridge-test.sh` ## Existing Backend Tests Backend unit tests: - `apps/backend/src/app.controller.spec.ts` - `apps/backend/src/app.resolver.spec.ts` - `apps/backend/src/auth/auth.resolver.spec.ts` - `apps/backend/src/common/graphql/format-graphql-error.spec.ts` - `apps/backend/src/users/users.resolver.spec.ts` Backend e2e: - `apps/backend/test/app.e2e-spec.ts` Current backend coverage strengths: - Root/health baseline. - GraphQL health baseline. - Users resolver behavior. - Auth resolver behavior. - GraphQL error formatting. - E2E coverage for core API flow. - Backend/API scenario strategy is documented under `apps/backend/scenarios`, including fixture prefixes and cleanup expectations. Likely backend gaps: - Broader negative auth cases and token edge cases. - Config validation failure cases beyond startup smoke. - Prisma/database behavior at service boundaries where mocked tests may not catch integration drift. - Authorization patterns for future protected resources. - Dedicated backend scenario harnesses for admin bootstrap and higher-level regression flows. ## Existing Frontend Tests Frontend tests: - `apps/frontend/src/app/app.spec.ts` Current frontend coverage strengths: - Basic app/component smoke coverage. Likely frontend gaps: - Login/logout/currentUser UI states. - Create smoke user UI behavior. - Users list GraphQL operation behavior. - Error/loading states for Apollo calls. - Environment GraphQL URL behavior. - Browser-level checks for responsive UI and form ergonomics. - Playwright/browser smoke is documented under `apps/frontend/smoke`, but Playwright is not installed or configured yet. ## Existing E2E And Runtime Smoke Runtime smoke: - `scripts/runtime-smoke.js` - Root command: `yarn smoke:runtime` Runtime smoke verifies: - Required backend env. - Backend boot. - Frontend boot. - Backend health. - Frontend HTTP 200. - GraphQL users query. - Create smoke user with password. - Login with created smoke user. - currentUser with JWT. - Cleanup of generated smoke user. Likely runtime smoke gaps: - Browser interaction through the rendered UI. - Failure/error UI states. - Multiple-user or duplicate-user flows. - Production-like env variations. ## Workflow And AI Tooling Tests Workflow scripts: - `ai/commands/workflow-scenarios-test.sh` - `ai/commands/workflow-state-scenarios-test.sh` Telegram tests: - `ai/tools/telegram/test/lib-test.sh` - `ai/tools/telegram/test/bridge-test.sh` Current workflow coverage strengths: - Canonical state transitions. - Ready-for-QA and ready-to-complete gates. - Prompt synthesis mode selection and blocked output. - Multi-pass Developer/QA history behavior. - Workflow summary advisory command behavior. - Telegram bridge library and command behavior. Likely workflow coverage gaps: - Requirements lifecycle scenario coverage. - Prompt Synthesizer review prompt quality scenarios. - Workflow summary full-output fixtures beyond key advisory cases. - Telegram live/poll-mode behavior still depends partly on manual validation. ## High-Risk Missing Coverage - Frontend auth and user smoke UI behavior. - Browser/runtime UI coverage for user-facing flows. - Backend auth failure and edge cases. - Backend auth/admin bootstrap assumptions and safe local seeding. - End-to-end GraphQL contract changes across backend schema, frontend operations, and generated services. - Requirements lifecycle helper scenarios. - Workflow/Telegram output quality assertions for every new command category. ## Recommended Future Test Chunks 1. Add frontend component tests for health/users/create smoke user/login/currentUser/logout states. 2. Add backend auth negative-path tests for invalid credentials, missing token, invalid token, and currentUser failure behavior. 3. Add requirements lifecycle scenario tests for new/approve/complete/state helpers. 4. Add prompt synthesis fixture tests for QA, Developer, Developer-fix, and requirements-review modes. 5. Add Playwright dependency/configuration and browser smoke coverage for the minimal frontend auth/users flow. 6. Add a backend auth/admin bootstrap scenario harness using local-only fixtures and explicit cleanup. 7. Expand workflow summary tests to cover `--full`, `--handoff-only`, active/no-active/multiple-active states. ## Baseline Policy Future chunks should use `ai/standards/test-strategy.md` and include `## Test Impact` when they change behavior or workflow/operator output. QA should block behavior changes when test impact is missing, weak, or unsupported by validation, unless a human explicitly accepts a follow-up test chunk.