Coverage Gaps Auditor (L3 Worker)
Specialized worker identifying missing tests for critical business logic.
Purpose & Scope
- Worker in ln-630 coordinator pipeline
- Audit Coverage Gaps (Category 4: High Priority)
- Identify untested critical paths
- Classify by category (Money, Security, Data, Core Flows)
- Calculate compliance score (X/10)
Inputs (from Coordinator)
Receives contextStore with critical paths classification, codebase structure, test file list.
Domain-aware fields (NEW):
- domain_mode: "domain-aware" | "global" (optional, defaults to "global")
- current_domain: {name, path} when domain_mode="domain-aware"
Example contextStore (domain-aware):
{
  "tech_stack": {...},
  "best_practices": {...},
  "testFilesMetadata": [...],
  "codebase_root": "/project",
  "domain_mode": "domain-aware",
  "current_domain": {
    "name": "orders",
    "path": "src/orders"
  }
}
Workflow
- Parse context from contextStore
  - Extract tech_stack, best_practices, testFilesMetadata
  - Determine scan_path (NEW):
      IF domain_mode == "domain-aware":
          scan_path = codebase_root + "/" + current_domain.path
          domain_name = current_domain.name
      ELSE:
          scan_path = codebase_root
          domain_name = null
- Identify critical paths in scan_path (not entire codebase)
  - Scan production code in scan_path for money/security/data keywords
  - All Grep/Glob patterns use scan_path (not codebase_root)
  - Example: Grep(pattern="payment|refund|discount", path=scan_path)
- Check test coverage for each critical path
  - Search ALL test files for coverage (tests may be in different location than production code)
  - Match by function name, module name, or test description
- Collect missing tests
  - Tag each finding with domain: domain_name (if domain-aware)
- Calculate score
- Return JSON with domain metadata
  - Include domain and scan_path fields (if domain-aware)
Critical Paths Classification
1. Money Flows (Priority 20+)
What: Any code handling financial transactions
Examples:
- Payment processing (/payment, processPayment())
- Discounts/promotions (calculateDiscount(), applyPromoCode())
- Tax calculations (calculateTax(), getTaxRate())
- Refunds (processRefund(), /refund)
- Invoices/billing (generateInvoice(), createBill())
- Currency conversion (convertCurrency())
Min Priority: 20
Why Critical: Money loss, fraud, legal compliance
2. Security Flows (Priority 20+)
What: Authentication, authorization, encryption
Examples:
- Login/logout (/login, authenticate())
- Token refresh (/refresh-token, refreshAccessToken())
- Password reset (/forgot-password, resetPassword())
- Permissions/RBAC (checkPermission(), hasRole())
- Encryption/hashing (custom crypto logic, NOT bcrypt/argon2)
- API key validation (validateApiKey())
Min Priority: 20
Why Critical: Security breach, data leak, unauthorized access
3. Data Integrity (Priority 15+)
What: CRUD operations, transactions, validation
Examples:
- Critical CRUD (createUser(), deleteOrder(), updateProduct())
- Database transactions (withTransaction())
- Data validation (custom validators, NOT framework defaults)
- Data migrations (runMigration())
- Unique constraints (checkDuplicateEmail())
Min Priority: 15
Why Critical: Data corruption, lost data, inconsistent state
4. Core User Journeys (Priority 15+)
What: Multi-step flows critical to business
Examples:
- Registration → Email verification → Onboarding
- Search → Product details → Add to cart → Checkout
- Upload file → Process → Download result
- Submit form → Approval workflow → Notification
Min Priority: 15
Why Critical: Broken user flow = lost customers
Audit Rules
1. Identify Critical Paths
Process:
- Scan codebase for money-related keywords: payment, refund, discount, tax, price, currency
- Scan for security keywords: auth, login, password, token, permission, encrypt
- Scan for data keywords: transaction, validation, migration, constraint
- Scan for user journeys: multi-step flows in routes/controllers
2. Check Test Coverage
For each critical path:
- Search test files for matching test name/description
- If NO test found → add to missing tests list
- If test found but inadequate (only positive, no edge cases) → add to gaps list
3. Categorize Gaps
Severity by Priority:
- CRITICAL: Priority 20+ (Money, Security)
- HIGH: Priority 15-19 (Data, Core Flows)
- MEDIUM: Priority 10-14 (Important but not critical)
4. Provide Justification
For each missing test:
- Explain WHY it's critical (money loss, security breach, etc.)
- Suggest test type (E2E, Integration, Unit)
- Estimate effort (S/M/L)
Scoring Algorithm
critical_paths = count of critical paths
tested_paths = count of critical paths with tests
coverage_percentage = (tested_paths / critical_paths) * 100
score = coverage_percentage / 10  // 100% coverage = 10 score
score = max(0, min(10, score))
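The audit rules and scoring formula above, worked end to end as an added example (not the worker's own code). It assumes TS/JS-style `function` declarations, in-memory file maps, rounded results, and a score of 10 when no critical paths exist; `resolve_scope`, `classify` and `audit` are hypothetical names.

```python
import re

# Keyword lists and minimum priorities from the classification above.
CATEGORIES = [("Money", 20, r"payment|refund|discount|tax|price|currency"),
              ("Security", 20, r"auth|login|password|token|permission|encrypt"),
              ("Data Integrity", 15, r"transaction|validation|migration|constraint")]
FUNC_DEF = re.compile(r"function\s+(\w+)\s*\(")  # assumption: TS/JS-style sources

def resolve_scope(ctx):
    """Return (scan_path, domain); the domain is None in global mode."""
    if ctx.get("domain_mode", "global") == "domain-aware":
        dom = ctx["current_domain"]
        return ctx["codebase_root"] + "/" + dom["path"], dom
    return ctx["codebase_root"], None

def classify(name):
    """First (category, priority) whose keywords occur in the name, else None."""
    return next(((c, p) for c, p, kw in CATEGORIES if re.search(kw, name, re.I)), None)

def audit(ctx, prod_files, test_files):
    root, dom = resolve_scope(ctx)
    all_tests = "\n".join(test_files.values())  # ALL test files, whatever the scope
    total, findings = 0, []
    for path, src in sorted(prod_files.items()):
        if not path.startswith(root + "/"):
            continue  # production scan stays inside scan_path
        for name in filter(classify, FUNC_DEF.findall(src)):
            cat, prio = classify(name)
            total += 1
            if re.search(r"\b%s\b" % re.escape(name), all_tests):
                continue  # covered: some test mentions the function by name
            sev = "CRITICAL" if prio >= 20 else "HIGH" if prio >= 15 else "MEDIUM"
            findings.append({"severity": sev, "category": cat, "priority": prio,
                             "location": "%s:%s()" % (path, name),
                             **({"domain": dom["name"]} if dom else {})})
    tested = total - len(findings)
    # Assumptions: zero critical paths counts as 100%; results are rounded.
    pct = round(100 * tested / total) if total else 100
    return {"category": "Coverage Gaps", "score": max(0, min(10, round(pct / 10))),
            "critical_paths_total": total, "tested_paths": tested,
            "untested_paths": len(findings), "coverage_percentage": pct, "findings": findings,
            **({"domain": dom["name"], "scan_path": dom["path"]} if dom else {})}

# Constructed sample input (not from a real project).
CTX = {"codebase_root": "/project", "domain_mode": "domain-aware",
       "current_domain": {"name": "orders", "path": "src/orders"}}
PROD = {"/project/src/orders/order.ts": "function applyDiscount(o){} function orderTransaction(o){}",
        "/project/src/users/auth.ts": "function resetPassword(u){}"}
TESTS = {"/project/tests/order.test.ts": "it('orderTransaction rolls back', f)"}
```

Keyword matching is by substring, so `auth` would also flag a function named `formatAuthor`, and name-only matching counts any mention in a test file as coverage. The second effect is why the audit rules list tests with only positive cases as gaps in their own right.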
Output Format
Global mode output:
{
  "category": "Coverage Gaps",
  "score": 6,
  "critical_paths_total": 25,
  "tested_paths": 15,
  "untested_paths": 10,
  "coverage_percentage": 60,
  "findings": [
    {
      "severity": "CRITICAL",
      "category": "Money",
      "missing_test": "E2E: Payment with discount code",
      "location": "services/payment.ts:processPayment()",
      "priority": 25,
      "justification": "Money calculation with discount logic — high risk of incorrect total",
      "test_type": "E2E",
      "effort": "M"
    }
  ]
}
Domain-aware mode output (NEW):
{
  "category": "Coverage Gaps",
  "score": 7,
  "domain": "orders",
  "scan_path": "src/orders",
  "critical_paths_total": 12,
  "tested_paths": 8,
  "untested_paths": 4,
  "coverage_percentage": 67,
  "findings": [
    {
      "severity": "CRITICAL",
      "category": "Money",
      "missing_test": "E2E: applyDiscount() with edge cases",
      "location": "src/orders/services/order.ts:45",
      "priority": 25,
      "justification": "Discount calculation in orders domain — high risk of incorrect total",
      "test_type": "E2E",
      "effort": "M",
      "domain": "orders"
    },
    {
      "severity": "HIGH",
      "category": "Data Integrity",
      "missing_test": "Integration: orderTransaction() rollback",
      "location": "src/orders/repositories/order.ts:78",
      "priority": 18,
      "justification": "Data corruption risk in orders domain",
      "test_type": "Integration",
      "effort": "M",
      "domain": "orders"
    }
  ]
}
Critical Rules
- Domain-aware scanning: If domain_mode="domain-aware", scan ONLY scan_path production code (not entire codebase)
- Tag findings: Include domain field in each finding when domain-aware
- Test search scope: Search ALL test files for coverage (tests may be in different location than production code)
- Match by name: Use function name, module name, or test description to match tests to production code
Definition of Done
- contextStore parsed (including domain_mode and current_domain)
- scan_path determined (domain path or codebase root)
- Critical paths identified in scan_path (Money, Security, Data, Core Flows)
- Test coverage checked for each critical path
- Missing tests collected with severity, priority, justification, domain
- Score calculated
- JSON returned to coordinator with domain metadata
Version: 3.0.0 Last Updated: 2025-12-23