test: weekly coverage improvement 2026-05-24#76
Conversation
- New tests: comments (14), nudges (5), cronAuth (7), onboarding (13) - Extended streaks tests with 18 new tests (formatDateInTimezone, getHourInTimezone, getActivityHeatmap) - Updated supabase mock with .limit(), .or(), .upsert() and other chain methods - Coverage: 79.86% → 88.93% statements, 69.44% → 77.85% branches - All 244 tests pass Co-Authored-By: Claude Scheduled Task <noreply@anthropic.com> https://claude.ai/code/session_01UNgPMRySsVqbA5gmS83zxs
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d217f4e5a2
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| it('returns unauthorized when token does not match', () => { | ||
| process.env.CRON_SECRET = 'my-secret-123'; | ||
| const request = mockRequest('Bearer wrong-secret'); |
There was a problem hiding this comment.
Use equal-length token to exercise timingSafeEqual path
'Bearer wrong-secret' is shorter than 'Bearer my-secret-123', so this case exits in the length-mismatch guard instead of the intended value-mismatch branch. That means the test suite still does not execute the timingSafeEqual check in verifyCronSecret, leaving the security-critical comparison path unverified and allowing regressions there to pass unnoticed.
Useful? React with 👍 / 👎.
Weekly Test Coverage
Automated PR from the scheduled coverage task.
What changed
docs/reports/coverage-2026-05-24.mdCoverage improvement
New tests written
tests/unit/lib/comments.test.js— 14 tests (getComments,getBatchCommentCounts,postComment,deleteComment)tests/unit/lib/nudges.test.js— 5 tests (sendNudge: auth, rate limit, happy path, errors)tests/unit/lib/cronAuth.test.js— 7 tests (verifyCronSecret: valid/invalid tokens, missing env)tests/unit/lib/onboarding.test.js— 13 tests (getOnboardingState,detectProgress,syncProgress,resetOnboarding)tests/unit/lib/streaks.test.js— 18 new tests (formatDateInTimezone,getHourInTimezone,getActivityHeatmap, additionalcalculateStreakedge cases)Mock helper updates
Added
.limit(),.or(),.upsert()and other chain methods totests/setup/supabase-mock.js, unblocking tests for files that were previously deferred.Test results
All 244 tests pass. No source files modified.
Scope
Tests follow the existing Vitest + happy-dom conventions in
tests/unit/lib/. React components, context providers, animation presets, and browser-only utilities (confetti, sounds) are out of scope.https://claude.ai/code/session_01UNgPMRySsVqbA5gmS83zxs
Generated by Claude Code