Skip to content

test(permissions): one-time Stryker mutation audit (PP-x4li.2)#1607

Open
timothyfroehlich wants to merge 2 commits into
mainfrom
worktree-stryker-permissions-audit
Open

test(permissions): one-time Stryker mutation audit (PP-x4li.2)#1607
timothyfroehlich wants to merge 2 commits into
mainfrom
worktree-stryker-permissions-audit

Conversation

@timothyfroehlich

Copy link
Copy Markdown
Owner

Summary

One-time, scoped Stryker mutation-testing audit for src/lib/permissions/{helpers,matrix,hooks}.ts, per PP-x4li.2 ("Stryker one-time scoped value audit (permissions)"). Not a standing CI gate — a manual tool (pnpm run test:mutation:permissions) kept for reuse against other non-negotiable modules per the parent epic (PP-x4li).

Findings (full detail in the PP-x4li.2 bead comment)

  • Fixed a real weak-assertion bug: getPermissionDeniedReason test for technician-role denial asserted toContain("admin"), which the wrong (member-branch) message also satisfies ("Technicians or admins..."), silently masking a regression. Tightened to toContain("Only admins").
  • matrix.ts's lower mutation score (72%) is entirely untested data-table literals (permission labels/descriptions, per-role boolean cells not spot-checked) — the actual logic (getPermission incl. fail-closed default, hasPermission, requiresOwnershipCheck) is 100% killed. No action needed.
  • hooks.ts is dead code: 0% mutation score (zero coverage) and, on inspection, zero production consumers anywhere in src/ for any of its 8 exported hooks. Flagged for a follow-up decision (delete vs. keep for near-term UI work) — not touched in this PR.

Test plan

  • pnpm run test:mutation:permissions — 64.95% overall score, breakdown analyzed above
  • pnpm run check — types/lint/format/unit all pass (pre-existing, unrelated typecheck:tests baseline gap on main noted separately, not caused by this PR and not part of CI)
  • 1306 unit tests pass

🤖 Generated with Claude Code

timothyfroehlich and others added 2 commits July 5, 2026 18:39
…tion (PP-x4li.2)

One-time scoped mutation-testing setup for src/lib/permissions/** per
PP-x4li.2 — not a standing CI gate, run manually via
`pnpm run test:mutation:permissions`.

Also fixes a weak assertion the audit surfaced: the technician-role-denial
test asserted toContain("admin"), which the wrong (member-branch) message
also satisfies, silently masking a regression.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 6, 2026 00:47
@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
pin-point Ready Ready Preview, Comment Jul 6, 2026 12:48am

Request Review

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a scoped Stryker mutation-testing setup for the permissions module tests, plus tightens an assertion uncovered during the audit to prevent a false-positive test pass.

Changes:

  • Introduces Stryker + a dedicated Vitest config to run a manual, permissions-scoped mutation audit (pnpm run test:mutation:permissions).
  • Adds dev dependencies for Stryker’s core + Vitest runner and ignores Stryker/report artifacts.
  • Strengthens the getPermissionDeniedReason technician-denial test assertion to avoid matching the wrong branch.

Reviewed changes

Copilot reviewed 4 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
vitest.stryker.config.ts Adds a minimal Vitest config limited to permissions unit tests for mutation runs.
stryker.config.mjs Adds Stryker configuration scoped to src/lib/permissions/* and outputs an HTML report under reports/.
src/test/unit/permissions-helpers.test.ts Tightens an assertion to avoid a substring false-positive masking regressions.
package.json Adds test:mutation:permissions script and Stryker dev dependencies.
pnpm-lock.yaml Locks Stryker dependency graph additions.
.gitignore Ignores generated mutation reports and Stryker temp output.
Files not reviewed (1)
  • pnpm-lock.yaml: Generated file

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants