Skip to content

[test-improver] Improve tests for guard Registry.HasNonNoopGuard#3158

Draft
github-actions[bot] wants to merge 1 commit intomainfrom
test-improver/guard-has-non-noop-guard-3e1ab3a737a10cdf
Draft

[test-improver] Improve tests for guard Registry.HasNonNoopGuard#3158
github-actions[bot] wants to merge 1 commit intomainfrom
test-improver/guard-has-non-noop-guard-3e1ab3a737a10cdf

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot commented Apr 4, 2026

Test Improvements: internal/guard/guard_test.go

File Analyzed

  • Test File: internal/guard/guard_test.go
  • Package: internal/guard
  • Lines of Code: 802 → 847 (+45 lines)

Improvements Made

1. Increased Coverage — Direct Tests for Registry.HasNonNoopGuard

Problem: The HasNonNoopGuard method in internal/guard/registry.go was called from internal/server/unified.go to determine whether DIFC should be auto-enabled:

// server/unified.go line 170
if !us.enableDIFC && (us.guardRegistry.HasNonNoopGuard() || ...) {

Despite being a meaningful predicate used in server startup logic, HasNonNoopGuard had no dedicated unit tests in guard_test.go. All other Registry methods (Register, Get, Has, List, Remove, GetGuardInfo) had explicit subtests — HasNonNoopGuard was the only gap.

2. New Test: TestGuardRegistry_HasNonNoopGuard

Added 6 subtests covering all branches of the HasNonNoopGuard method:

  • empty registry returns false — verifies base case
  • only noop guards returns false — verifies multiple noop guards don't trigger true
  • one non-noop guard returns true — verifies detection of a single non-noop guard
  • mix of noop and non-noop returns true — verifies any non-noop triggers true
  • removing non-noop guard makes it return false — verifies dynamic removal
  • replacing non-noop with noop returns false — verifies guard replacement

The tests reuse the existing mockGuard helper and follow the established subtest patterns throughout the file (consistent with TestGuardRegistry).

3. Cleaner & More Stable Tests

  • ✅ Each subtest uses its own fresh NewRegistry() — fully isolated, no shared state
  • ✅ Uses assert.True/assert.False for clear, readable assertions
  • ✅ Tests the state before and after mutations (remove/replace) to validate dynamic behaviour
  • ✅ Follows the existing file style exactly — no new imports needed

Why These Changes?

HasNonNoopGuard is the sentinel used by the server to auto-activate DIFC when a non-trivial guard is registered. A regression in this predicate (e.g., always returning false) would silently disable DIFC enforcement at startup — a security-relevant failure. Despite the rest of the Registry API being well-tested, this method was the only gap.

Generated by Test Improver Workflow
Focuses on better patterns, increased coverage, and more stable tests

Generated by Test Improver ·

@github-actions
Add tests for Registry.HasNonNoopGuard
57f313a 
Add TestGuardRegistry_HasNonNoopGuard covering all branches of the
HasNonNoopGuard method which was used in server/unified.go but had
no dedicated unit tests:

- empty registry returns false
- only noop guards returns false
- one non-noop guard returns true
- mix of noop and non-noop returns true
- removing the non-noop guard reverts to false
- replacing non-noop with noop reverts to false

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

automation improvement testing

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants