You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The validateApiProxyIp/validateAndSanitizeHostAccessPort/validateApiProxyPort describes can merge into src/squid/validation.test.ts (which already exists)
After the split, the original src/security-module-coverage.test.ts can be deleted entirely.
Affected Callers
No production code is affected — test-only change. The mock setup at the top of the omnibus file will need to be replicated in each new test file (each uses the same jest.mock(./logger) and jest.mock(./env-utils) pattern).
Effort Estimate
Low — mechanical migration of describe blocks to new files with copy-paste of shared mock setup.
Benefits
Tests are co-located with their modules, consistent with the rest of the codebase
Failures point immediately to the specific security module, not a 639-line omnibus
New credential providers or Squid config features have an obvious test file to extend
Security reviewers can audit a module and its tests side-by-side
Removes the perpetual temptation to add unrelated security tests to this catch-all
Detected by Refactoring Scanner workflow. Run date: 2026-07-05
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the network.allowed list in your workflow frontmatter:
Refactoring Opportunity
Summary
src/security-module-coverage.test.tsEvidence
The file explicitly declares its own purpose as a catch-all:
None of the covered modules have their own dedicated
.test.tsfile (verified, exceptsrc/squid/validation.tswhich has a separate test):src/squid/ssl-bump.tssrc/squid/upstream-proxy.tssrc/services/credentials/anthropic-credential-env.tssrc/services/credentials/copilot-credential-env.tssrc/services/credentials/gemini-credential-env.tssrc/services/credentials/openai-credential-env.tssrc/services/credentials/vertex-credential-env.tsThe omnibus file contains 10 top-level
describeblocks spread across 639 lines, making it difficult to:Proposed Split
src/security-module-coverage.test.ts(639 lines) should be disbanded and its tests moved to co-located test files:src/squid/ssl-bump.test.ts— movesdescribe(generateSslBumpSection)block (~90 lines)src/squid/upstream-proxy.test.ts— movesdescribe(generateUpstreamProxySection)block (~85 lines)src/services/credentials/anthropic-credential-env.test.ts— movesdescribe(buildAnthropicCredentialEnv)block (~70 lines)src/services/credentials/copilot-credential-env.test.ts— movesdescribe(buildCopilotCredentialEnv)block (~100 lines)src/services/credentials/gemini-credential-env.test.ts— movesdescribe(buildGeminiCredentialEnv)block (~36 lines)src/services/credentials/openai-credential-env.test.ts— movesdescribe(buildOpenAiCredentialEnv)block (~35 lines)src/services/credentials/vertex-credential-env.test.ts— movesdescribe(buildVertexCredentialEnv)block (~35 lines)validateApiProxyIp/validateAndSanitizeHostAccessPort/validateApiProxyPortdescribes can merge intosrc/squid/validation.test.ts(which already exists)After the split, the original
src/security-module-coverage.test.tscan be deleted entirely.Affected Callers
No production code is affected — test-only change. The mock setup at the top of the omnibus file will need to be replicated in each new test file (each uses the same
jest.mock(./logger)andjest.mock(./env-utils)pattern).Effort Estimate
Low — mechanical migration of
describeblocks to new files with copy-paste of shared mock setup.Benefits
Detected by Refactoring Scanner workflow. Run date: 2026-07-05
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpgSee Network Configuration for more information.