name	ln-634-test-coverage-auditor
description	Coverage Gaps audit worker (L3). Identifies missing tests for critical paths (Money 20+, Security 20+, Data Integrity 15+, Core Flows 15+). Returns list of untested critical business logic with priority justification.
allowed-tools	Read, Grep, Glob, Bash

Coverage Gaps Auditor (L3 Worker)

Specialized worker identifying missing tests for critical business logic.

Purpose & Scope

Worker in ln-630 coordinator pipeline
Audit Coverage Gaps (Category 4: High Priority)
Identify untested critical paths
Classify by category (Money, Security, Data, Core Flows)
Calculate compliance score (X/10)

Inputs (from Coordinator)

Receives contextStore with critical paths classification, codebase structure, test file list.

Domain-aware fields (NEW):

domain_mode: "domain-aware" | "global" (optional, defaults to "global")
current_domain: {name, path} when domain_mode="domain-aware"

Example contextStore (domain-aware):

{
  "tech_stack": {...},
  "best_practices": {...},
  "testFilesMetadata": [...],
  "codebase_root": "/project",
  "domain_mode": "domain-aware",
  "current_domain": {
    "name": "orders",
    "path": "src/orders"
  }
}

Workflow

Parse context from contextStore

Extract tech_stack, best_practices, testFilesMetadata

Determine scan_path (NEW):

IF domain_mode == "domain-aware":
  scan_path = codebase_root + "/" + current_domain.path
  domain_name = current_domain.name
ELSE:
  scan_path = codebase_root
  domain_name = null

Identify critical paths in scan_path (not entire codebase)
- Scan production code in scan_path for money/security/data keywords
- All Grep/Glob patterns use scan_path (not codebase_root)
- Example: Grep(pattern="payment|refund|discount", path=scan_path)
Check test coverage for each critical path
- Search ALL test files for coverage (tests may be in different location than production code)
- Match by function name, module name, or test description
Collect missing tests
- Tag each finding with domain: domain_name (if domain-aware)
Calculate score
Return JSON with domain metadata
- Include domain and scan_path fields (if domain-aware)

Critical Paths Classification

1. Money Flows (Priority 20+)

What: Any code handling financial transactions

Examples:

Payment processing (/payment, processPayment())
Discounts/promotions (calculateDiscount(), applyPromoCode())
Tax calculations (calculateTax(), getTaxRate())
Refunds (processRefund(), /refund)
Invoices/billing (generateInvoice(), createBill())
Currency conversion (convertCurrency())

Min Priority: 20

Why Critical: Money loss, fraud, legal compliance

2. Security Flows (Priority 20+)

What: Authentication, authorization, encryption

Examples:

Login/logout (/login, authenticate())
Token refresh (/refresh-token, refreshAccessToken())
Password reset (/forgot-password, resetPassword())
Permissions/RBAC (checkPermission(), hasRole())
Encryption/hashing (custom crypto logic, NOT bcrypt/argon2)
API key validation (validateApiKey())

Min Priority: 20

Why Critical: Security breach, data leak, unauthorized access

3. Data Integrity (Priority 15+)

What: CRUD operations, transactions, validation

Examples:

Critical CRUD (createUser(), deleteOrder(), updateProduct())
Database transactions (withTransaction())
Data validation (custom validators, NOT framework defaults)
Data migrations (runMigration())
Unique constraints (checkDuplicateEmail())

Min Priority: 15

Why Critical: Data corruption, lost data, inconsistent state

4. Core User Journeys (Priority 15+)

What: Multi-step flows critical to business

Examples:

Registration → Email verification → Onboarding
Search → Product details → Add to cart → Checkout
Upload file → Process → Download result
Submit form → Approval workflow → Notification

Min Priority: 15

Why Critical: Broken user flow = lost customers

Audit Rules

1. Identify Critical Paths

Process:

Scan codebase for money-related keywords: payment, refund, discount, tax, price, currency
Scan for security keywords: auth, login, password, token, permission, encrypt
Scan for data keywords: transaction, validation, migration, constraint
Scan for user journeys: multi-step flows in routes/controllers

2. Check Test Coverage

For each critical path:

Search test files for matching test name/description
If NO test found → add to missing tests list
If test found but inadequate (only positive, no edge cases) → add to gaps list

3. Categorize Gaps

Severity by Priority:

CRITICAL: Priority 20+ (Money, Security)
HIGH: Priority 15-19 (Data, Core Flows)
MEDIUM: Priority 10-14 (Important but not critical)

4. Provide Justification

For each missing test:

Explain WHY it's critical (money loss, security breach, etc.)
Suggest test type (E2E, Integration, Unit)
Estimate effort (S/M/L)

Scoring Algorithm

critical_paths = count of critical paths
tested_paths = count of critical paths with tests
coverage_percentage = (tested_paths / critical_paths) * 100
score = coverage_percentage / 10  // 100% coverage = 10 score
score = max(0, min(10, score))

Output Format

Global mode output:

{
  "category": "Coverage Gaps",
  "score": 6,
  "critical_paths_total": 25,
  "tested_paths": 15,
  "untested_paths": 10,
  "coverage_percentage": 60,
  "findings": [
    {
      "severity": "CRITICAL",
      "category": "Money",
      "missing_test": "E2E: Payment with discount code",
      "location": "services/payment.ts:processPayment()",
      "priority": 25,
      "justification": "Money calculation with discount logic — high risk of incorrect total",
      "test_type": "E2E",
      "effort": "M"
    }
  ]
}

Domain-aware mode output (NEW):

{
  "category": "Coverage Gaps",
  "score": 7,
  "domain": "orders",
  "scan_path": "src/orders",
  "critical_paths_total": 12,
  "tested_paths": 8,
  "untested_paths": 4,
  "coverage_percentage": 67,
  "findings": [
    {
      "severity": "CRITICAL",
      "category": "Money",
      "missing_test": "E2E: applyDiscount() with edge cases",
      "location": "src/orders/services/order.ts:45",
      "priority": 25,
      "justification": "Discount calculation in orders domain — high risk of incorrect total",
      "test_type": "E2E",
      "effort": "M",
      "domain": "orders"
    },
    {
      "severity": "HIGH",
      "category": "Data Integrity",
      "missing_test": "Integration: orderTransaction() rollback",
      "location": "src/orders/repositories/order.ts:78",
      "priority": 18,
      "justification": "Data corruption risk in orders domain",
      "test_type": "Integration",
      "effort": "M",
      "domain": "orders"
    }
  ]
}

Critical Rules

Domain-aware scanning: If domain_mode="domain-aware", scan ONLY scan_path production code (not entire codebase)
Tag findings: Include domain field in each finding when domain-aware
Test search scope: Search ALL test files for coverage (tests may be in different location than production code)
Match by name: Use function name, module name, or test description to match tests to production code

Definition of Done

contextStore parsed (including domain_mode and current_domain)
scan_path determined (domain path or codebase root)
Critical paths identified in scan_path (Money, Security, Data, Core Flows)
Test coverage checked for each critical path
Missing tests collected with severity, priority, justification, domain
Score calculated
JSON returned to coordinator with domain metadata

Version: 3.0.0 Last Updated: 2025-12-23

ln-634-test-coverage-auditor

Install Skill

SKILL.md

Coverage Gaps Auditor (L3 Worker)

Purpose & Scope

Inputs (from Coordinator)

Workflow

Critical Paths Classification

1. Money Flows (Priority 20+)

2. Security Flows (Priority 20+)

3. Data Integrity (Priority 15+)

4. Core User Journeys (Priority 15+)

Audit Rules

1. Identify Critical Paths

2. Check Test Coverage

3. Categorize Gaps

4. Provide Justification

Scoring Algorithm

Output Format

Critical Rules

Definition of Done