test(permissions): one-time Stryker mutation audit (PP-x4li.2)#1607
Open
timothyfroehlich wants to merge 2 commits into
Open
test(permissions): one-time Stryker mutation audit (PP-x4li.2)#1607timothyfroehlich wants to merge 2 commits into
timothyfroehlich wants to merge 2 commits into
Conversation
…tion (PP-x4li.2)
One-time scoped mutation-testing setup for src/lib/permissions/** per
PP-x4li.2 — not a standing CI gate, run manually via
`pnpm run test:mutation:permissions`.
Also fixes a weak assertion the audit surfaced: the technician-role-denial
test asserted toContain("admin"), which the wrong (member-branch) message
also satisfies, silently masking a regression.
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
…issions-audit # Conflicts: # pnpm-lock.yaml
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a scoped Stryker mutation-testing setup for the permissions module tests, plus tightens an assertion uncovered during the audit to prevent a false-positive test pass.
Changes:
- Introduces Stryker + a dedicated Vitest config to run a manual, permissions-scoped mutation audit (
pnpm run test:mutation:permissions). - Adds dev dependencies for Stryker’s core + Vitest runner and ignores Stryker/report artifacts.
- Strengthens the
getPermissionDeniedReasontechnician-denial test assertion to avoid matching the wrong branch.
Reviewed changes
Copilot reviewed 4 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| vitest.stryker.config.ts | Adds a minimal Vitest config limited to permissions unit tests for mutation runs. |
| stryker.config.mjs | Adds Stryker configuration scoped to src/lib/permissions/* and outputs an HTML report under reports/. |
| src/test/unit/permissions-helpers.test.ts | Tightens an assertion to avoid a substring false-positive masking regressions. |
| package.json | Adds test:mutation:permissions script and Stryker dev dependencies. |
| pnpm-lock.yaml | Locks Stryker dependency graph additions. |
| .gitignore | Ignores generated mutation reports and Stryker temp output. |
Files not reviewed (1)
- pnpm-lock.yaml: Generated file
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
One-time, scoped Stryker mutation-testing audit for
src/lib/permissions/{helpers,matrix,hooks}.ts, per PP-x4li.2 ("Stryker one-time scoped value audit (permissions)"). Not a standing CI gate — a manual tool (pnpm run test:mutation:permissions) kept for reuse against other non-negotiable modules per the parent epic (PP-x4li).Findings (full detail in the PP-x4li.2 bead comment)
getPermissionDeniedReasontest for technician-role denial assertedtoContain("admin"), which the wrong (member-branch) message also satisfies ("Technicians or admins..."), silently masking a regression. Tightened totoContain("Only admins").matrix.ts's lower mutation score (72%) is entirely untested data-table literals (permission labels/descriptions, per-role boolean cells not spot-checked) — the actual logic (getPermissionincl. fail-closed default,hasPermission,requiresOwnershipCheck) is 100% killed. No action needed.hooks.tsis dead code: 0% mutation score (zero coverage) and, on inspection, zero production consumers anywhere insrc/for any of its 8 exported hooks. Flagged for a follow-up decision (delete vs. keep for near-term UI work) — not touched in this PR.Test plan
pnpm run test:mutation:permissions— 64.95% overall score, breakdown analyzed abovepnpm run check— types/lint/format/unit all pass (pre-existing, unrelatedtypecheck:testsbaseline gap onmainnoted separately, not caused by this PR and not part of CI)🤖 Generated with Claude Code