max / makenotwork
1 file changed,
+36 insertions,
-0 deletions
| @@ -198,6 +198,42 @@ Modules with 1-3 tests that need expansion, plus missing modules for features we | |||
| 198 | 198 | #### Not needed | |
| 199 | 199 | - `TestHarness::minimal()` — `new()` is already the minimal constructor (DB only, no extras) | |
| 200 | 200 | ||
| 201 | + | ### Phase 4: Push to A+ (testing quality + coverage depth) | |
| 202 | + | ||
| 203 | + | Current: A (986 unit + 679 integration = 1,665 tests, 13.1 unit tests/KLOC). | |
| 204 | + | ||
| 205 | + | #### Property-based testing (pricing/discount/formatting) | |
| 206 | + | - [ ] Add `proptest` or `quickcheck` dev-dependency | |
| 207 | + | - [ ] `pricing.rs`: property tests for all PricingModel impls — random prices, verify amount >= 0, verify free items produce $0, verify PWYW minimum is enforced | |
| 208 | + | - [ ] `promo_codes.rs`: property test `apply_discount` — random price * random percentage never exceeds original price, never goes negative, round-trips correctly | |
| 209 | + | - [ ] `helpers.rs`: property test `format_price` — random i32 inputs always produce valid `$X.XX` or `"Free"` format, never panic | |
| 210 | + | - [ ] `Cents` arithmetic: property test that `Cents::new(a) + Cents::new(b) == Cents::new(a + b)` for all i64 pairs within reasonable range | |
| 211 | + | - [ ] `validated_types.rs`: property test Username/Slug — random valid inputs round-trip through `new` -> `to_string` -> `new` | |
| 212 | + | ||
| 213 | + | #### Mutation testing | |
| 214 | + | - [ ] Install `cargo-mutants` and run against `src/pricing.rs` — verify test suite catches >90% of mutations | |
| 215 | + | - [ ] Run against `src/db/promo_codes.rs` (apply_discount logic) — verify >90% kill rate | |
| 216 | + | - [ ] Run against `src/helpers.rs` (format_price, format_revenue, CSV sanitization) — verify >90% kill rate | |
| 217 | + | - [ ] Run against `src/auth.rs` (check_not_sandbox, check_not_suspended) — verify 100% kill rate on guard functions | |
| 218 | + | - [ ] Document mutation testing results and target kill rate (>90%) in audit_review.md | |
| 219 | + | ||
| 220 | + | #### Integration test lifecycle coverage | |
| 221 | + | - [ ] Subscription lifecycle: subscribe via mock checkout → webhook confirms → cancel → grace period starts → grace expires → items hidden. Full lifecycle in one test. | |
| 222 | + | - [ ] Creator tier upgrade: SmallFiles → BigFiles → verify file size limits change → verify storage cap change | |
| 223 | + | - [ ] Account termination lifecycle: creator deletes account → 30-day export window → verify content accessible during window → window expires → verify S3 objects + DB rows deleted | |
| 224 | + | - [ ] Sandbox lifecycle: create sandbox → use features → verify expiry time → simulate scheduler cleanup tick → verify account gone | |
| 225 | + | ||
| 226 | + | #### Concurrent access tests | |
| 227 | + | - [ ] Concurrent purchase: 2 buyers checkout same item simultaneously → verify no double-counting in sales_count (atomic increment) | |
| 228 | + | - [ ] Concurrent promo code: 2 buyers apply same max_uses=1 code simultaneously → verify only 1 succeeds | |
| 229 | + | - [ ] Concurrent sandbox creation: 2 requests from same IP simultaneously → verify per-IP cap holds (advisory lock) | |
| 230 | + | - [ ] Concurrent file upload: 2 uploads for same item simultaneously → verify storage_used_bytes is correct (atomic try_increment) | |
| 231 | + | ||
| 232 | + | #### Integration test performance monitoring | |
| 233 | + | - [ ] Add test timing report: record wall-clock time per integration test, flag any >5s as slow | |
| 234 | + | - [ ] Profile template DB creation — log time for initial migration + per-test clone | |
| 235 | + | - [ ] Identify and optimize slowest 10 integration tests (likely ones creating multiple users + projects) | |
| 236 | + | ||
| 201 | 237 | --- | |
| 202 | 238 | ||
| 203 | 239 | ## Code Fuzz Findings (2026-04-25) |