代码测试覆盖率审计工具 - 识别关键业务逻辑缺失测试，提升代码质量与安全性

ln-634-test-coverage-auditor by levnikolaevich/claude-code-skills

164 周安装量

245 GitHub Stars

安装命令

npx skills add https://github.com/levnikolaevich/claude-code-skills --skill ln-634-test-coverage-auditor

🇨🇳中文介绍

路径说明： 文件路径（shared/、references/、../ln-*）是相对于技能仓库根目录的。如果在当前工作目录（CWD）中未找到，请定位此 SKILL.md 文件所在的目录，然后向上返回一级以找到仓库根目录。如果缺少 shared/ 目录，请通过 WebFetch 从 https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path} 获取文件。

覆盖率缺口审计员 (L3 工作器)

专门用于识别关键业务逻辑缺失测试的工作器。

目的与范围

ln-630 协调器流水线中的工作器
审计覆盖率缺口（类别 4：高优先级）
识别未测试的关键路径
按类别分类（资金、安全、数据、核心流程）
计算合规分数 (X/10)

输入（来自协调器）

必读： 加载 shared/references/audit_worker_core_contract.md。

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

1. 资金流（优先级 20+）

内容： 任何处理金融交易的代码

支付处理（/payment、processPayment()）
折扣/促销（calculateDiscount()、applyPromoCode()）
税费计算（calculateTax()、getTaxRate()）
退款（processRefund()、/refund）
发票/账单（generateInvoice()、createBill()）
货币转换（convertCurrency()）

最低优先级： 20

为何关键： 资金损失、欺诈、法律合规

2. 安全流（优先级 20+）

内容： 认证、授权、加密

登录/登出（/login、authenticate()）
令牌刷新（/refresh-token、refreshAccessToken()）
密码重置（/forgot-password、resetPassword()）
权限/RBAC（checkPermission()、hasRole()）
加密/哈希（自定义加密逻辑，非 bcrypt/argon2）
API 密钥验证（validateApiKey()）

最低优先级： 20

为何关键： 安全漏洞、数据泄露、未授权访问

3. 数据完整性（优先级 15+）

内容： CRUD 操作、事务、验证

关键 CRUD（createUser()、deleteOrder()、updateProduct()）
数据库事务（withTransaction()）
数据验证（自定义验证器，非框架默认）
数据迁移（runMigration()）
唯一性约束（checkDuplicateEmail()）

最低优先级： 15

为何关键： 数据损坏、数据丢失、状态不一致

4. 核心用户旅程（优先级 15+）

内容： 对业务至关重要的多步骤流程

注册 → 邮箱验证 → 新用户引导
搜索 → 产品详情 → 加入购物车 → 结账
上传文件 → 处理 → 下载结果
提交表单 → 审批工作流 → 通知

最低优先级： 15

为何关键： 用户流程中断 = 客户流失

1. 识别关键路径

扫描代码库中与资金相关的关键词：payment、refund、discount、tax、price、currency
扫描安全关键词：auth、login、password、token、permission、encrypt
扫描数据关键词：transaction、validation、migration、constraint
扫描用户旅程：路由/控制器中的多步骤流程

2. 检查测试覆盖率

对于每个关键路径：

在测试文件中搜索匹配的测试名称/描述
如果未找到测试 → 添加到缺失测试列表
如果找到测试但不充分（只有正向用例，没有边界情况） → 添加到缺口列表

3. 对缺口进行分类

按优先级划分严重性：

CRITICAL： 优先级 20+（资金、安全）
HIGH： 优先级 15-19（数据、核心流程）
MEDIUM： 优先级 10-14（重要但不关键）
降级情况： 函数已被 E2E 测试覆盖 → LOW。少于 10 行、从已测试代码调用的辅助函数 → 跳过

对于每个缺失的测试：

解释为何它很关键（资金损失、安全漏洞等）
建议测试类型（E2E、集成、单元）
估算工作量（S/M/L）

必读： 加载 shared/references/audit_worker_core_contract.md 和 shared/references/audit_scoring.md。

按优先级映射严重性：

优先级 20+（资金、安全）缺失测试 → CRITICAL
优先级 15-19（数据完整性、核心流程）缺失测试 → HIGH
优先级 10-14（重要）缺失测试 → MEDIUM
优先级 <10（锦上添花） → LOW

必读： 加载 shared/references/audit_worker_core_contract.md 和 shared/templates/audit_worker_report_template.md。

将报告写入 {output_dir}/634-coverage-gaps.md（全局）或 {output_dir}/634-coverage-gaps-{domain}.md（领域感知），并包含 category: "Coverage Gaps" 和检查项：money_flow_coverage、security_flow_coverage、data_integrity_coverage、core_journey_coverage。

向协调器返回摘要：

Report written: docs/project/.audit/ln-630/{YYYY-MM-DD}/634-coverage-gaps.md
Score: X.X/10 | Issues: N (C:N H:N M:N L:N)

必读： 加载 shared/references/audit_worker_core_contract.md。

领域感知扫描： 如果 domain_mode="domain-aware"，仅扫描 scan_path 中的生产代码（非整个代码库）
标记发现： 当领域感知时，在每个发现中包含 domain 字段
测试搜索范围： 在所有测试文件中搜索覆盖率（测试文件位置可能与生产代码不同）
按名称匹配： 使用函数名、模块名或测试描述来匹配测试与生产代码

必读： 加载 shared/references/audit_worker_core_contract.md。

contextStore 解析成功（包括 output_dir、domain_mode、current_domain）
scan_path 已确定（领域路径或代码库根目录）
已识别 scan_path 中的关键路径（资金、安全、数据、核心流程）
已检查每个关键路径的测试覆盖率
已收集缺失的测试，包含严重性、优先级、理由、领域
已使用惩罚算法计算分数
报告已写入 {output_dir}/634-coverage-gaps.md 或 634-coverage-gaps-{domain}.md（原子性单次 Write 调用）
摘要已返回给协调器

审计输出模式： shared/references/audit_output_schema.md

版本： 3.0.0 最后更新： 2025-12-23

🇺🇸English

Paths: File paths (shared/, references/, ../ln-*) are relative to skills repo root. If not found at CWD, locate this SKILL.md directory and go up one level for repo root. If shared/ is missing, fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}.

Coverage Gaps Auditor (L3 Worker)

Specialized worker identifying missing tests for critical business logic.

Purpose & Scope

Worker in ln-630 coordinator pipeline
Audit Coverage Gaps (Category 4: High Priority)
Identify untested critical paths
Classify by category (Money, Security, Data, Core Flows)
Calculate compliance score (X/10)

Inputs (from Coordinator)

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

Receives contextStore with: tech_stack, testFilesMetadata, codebase_root, output_dir.

Domain-aware: Supports domain_mode + current_domain (see audit_output_schema.md#domain-aware-worker-output).

Workflow

MANDATORY READ: Load shared/references/two_layer_detection.md for detection methodology.

Parse context — extract fields, determine scan_path (domain-aware if specified) ELSE: scan_path = codebase_root domain_name = null
Identify critical paths in scan_path (not entire codebase)
- Scan production code in scan_path for money/security/data keywords
- All Grep/Glob patterns use scan_path (not codebase_root)
- Example: Grep(pattern="payment|refund|discount", path=scan_path)
Check test coverage for each critical path (Layer 1)
- Search ALL test files for coverage (tests may be in different location than production code)
- Match by function name, module name, or test description 3b) Context Analysis (Layer 2 — MANDATORY): For each gap candidate, ask:
- Is this function already covered by E2E/integration test? → downgrade to LOW
- Is this a helper function with <10 lines called from tested code? → skip
- Is keyword match a false positive (e.g., paymentIcon() is UI, not payment logic)? →

Critical Paths Classification

1. Money Flows (Priority 20+)

What: Any code handling financial transactions

Examples:

Payment processing (/payment, processPayment())
Discounts/promotions (calculateDiscount(), applyPromoCode())
Tax calculations (calculateTax(), getTaxRate())
Refunds (processRefund(), /refund)
Invoices/billing (generateInvoice(), createBill())
Currency conversion ()

Min Priority: 20

Why Critical: Money loss, fraud, legal compliance

2. Security Flows (Priority 20+)

What: Authentication, authorization, encryption

Examples:

Login/logout (/login, authenticate())
Token refresh (/refresh-token, refreshAccessToken())
Password reset (/forgot-password, resetPassword())
Permissions/RBAC (checkPermission(), hasRole())
Encryption/hashing (custom crypto logic, NOT bcrypt/argon2)
API key validation (validateApiKey())

Min Priority: 20

Why Critical: Security breach, data leak, unauthorized access

3. Data Integrity (Priority 15+)

What: CRUD operations, transactions, validation

Examples:

Critical CRUD (createUser(), deleteOrder(), updateProduct())
Database transactions (withTransaction())
Data validation (custom validators, NOT framework defaults)
Data migrations (runMigration())
Unique constraints (checkDuplicateEmail())

Min Priority: 15

Why Critical: Data corruption, lost data, inconsistent state

4. Core User Journeys (Priority 15+)

What: Multi-step flows critical to business

Examples:

Registration → Email verification → Onboarding
Search → Product details → Add to cart → Checkout
Upload file → Process → Download result
Submit form → Approval workflow → Notification

Min Priority: 15

Why Critical: Broken user flow = lost customers

Audit Rules

1. Identify Critical Paths

Process:

Scan codebase for money-related keywords: payment, refund, discount, tax, price, currency
Scan for security keywords: auth, login, password, token, permission, encrypt

2. Check Test Coverage

For each critical path:

Search test files for matching test name/description
If NO test found → add to missing tests list
If test found but inadequate (only positive, no edge cases) → add to gaps list

3. Categorize Gaps

Severity by Priority:

CRITICAL: Priority 20+ (Money, Security)
HIGH: Priority 15-19 (Data, Core Flows)
MEDIUM: Priority 10-14 (Important but not critical)
Downgrade when: Function already covered by E2E test → LOW. Helper with <10 lines called from tested code → skip

4. Provide Justification

For each missing test:

Explain WHY it's critical (money loss, security breach, etc.)
Suggest test type (E2E, Integration, Unit)
Estimate effort (S/M/L)

Scoring Algorithm

MANDATORY READ: Load shared/references/audit_worker_core_contract.md and shared/references/audit_scoring.md.

Severity mapping by Priority:

Priority 20+ (Money, Security) missing test → CRITICAL
Priority 15-19 (Data Integrity, Core Flows) missing test → HIGH
Priority 10-14 (Important) missing test → MEDIUM
Priority <10 (Nice-to-have) → LOW

Output Format

MANDATORY READ: Load shared/references/audit_worker_core_contract.md and shared/templates/audit_worker_report_template.md.

Write report to {output_dir}/634-coverage-gaps.md (global) or {output_dir}/634-coverage-gaps-{domain}.md (domain-aware) with category: "Coverage Gaps" and checks: money_flow_coverage, security_flow_coverage, data_integrity_coverage, core_journey_coverage.

Return summary to coordinator:

Report written: docs/project/.audit/ln-630/{YYYY-MM-DD}/634-coverage-gaps.md
Score: X.X/10 | Issues: N (C:N H:N M:N L:N)

Critical Rules

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

Domain-aware scanning: If domain_mode="domain-aware", scan ONLY scan_path production code (not entire codebase)
Tag findings: Include domain field in each finding when domain-aware
Test search scope: Search ALL test files for coverage (tests may be in different location than production code)
Match by name: Use function name, module name, or test description to match tests to production code

Definition of Done

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

contextStore parsed successfully (including output_dir, domain_mode, current_domain)
scan_path determined (domain path or codebase root)
Critical paths identified in scan_path (Money, Security, Data, Core Flows)
Test coverage checked for each critical path
Missing tests collected with severity, priority, justification, domain
Score calculated using penalty algorithm
Report written to {output_dir}/634-coverage-gaps.md or 634-coverage-gaps-{domain}.md (atomic single Write call)
Summary returned to coordinator

Reference Files

Audit output schema: shared/references/audit_output_schema.md

Version: 3.0.0 Last Updated: 2025-12-23

Weekly Installs

164

Repository

levnikolaevich/…e-skills

GitHub Stars

245

First Seen

Jan 24, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

claude-code151

codex148

cursor148

opencode148

gemini-cli147

github-copilot143

Skills CLI 使用指南：AI Agent 技能包管理器安装与管理教程

33,600 周安装

Collect missing tests

Tag each finding with domain: domain_name (if domain-aware)

Calculate Score: Count violations by severity, calculate compliance score (X/10)

Write Report: Build full markdown report in memory per shared/templates/audit_worker_report_template.md, write to {output_dir}/634-coverage-gaps.md (or {output_dir}/634-coverage-gaps-{domain}.md if domain-aware) in single Write call

Return Summary: Return minimal summary to coordinator (see Output Format)

Scan for data keywords: transaction, validation, migration, constraint

Scan for user journeys: multi-step flows in routes/controllers

代码测试覆盖率审计工具 - 识别关键业务逻辑缺失测试，提升代码质量与安全性

🇨🇳中文介绍

覆盖率缺口审计员 (L3 工作器)

目的与范围

输入（来自协调器）

相关 Skills

工作流程

关键路径分类

1. 资金流（优先级 20+）

2. 安全流（优先级 20+）

3. 数据完整性（优先级 15+）

4. 核心用户旅程（优先级 15+）

审计规则

1. 识别关键路径

2. 检查测试覆盖率

3. 对缺口进行分类

4. 提供理由

评分算法

输出格式

关键规则

完成定义

参考文件

🇺🇸English

Coverage Gaps Auditor (L3 Worker)

Purpose & Scope

Inputs (from Coordinator)

Workflow

Critical Paths Classification

1. Money Flows (Priority 20+)

2. Security Flows (Priority 20+)

3. Data Integrity (Priority 15+)

4. Core User Journeys (Priority 15+)

Audit Rules

1. Identify Critical Paths

2. Check Test Coverage

3. Categorize Gaps

4. Provide Justification

Scoring Algorithm

Output Format

Critical Rules

Definition of Done

Reference Files

最新 Skills