docs: project docs, scripts, deployment configs, and evidence

docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-224352.md

@@ -0,0 +1,86 @@
+# 2026-03-27 Q-004 Coverage Remediation Pass 4
+
+## Scope
+
+- Continue remediating the remaining real `Q-004` gaps after Pass 3.
+- This pass focused on:
+  - low-coverage frontend service adapters
+  - deeper non-network `internal/auth/providers` branches
+
+## Changes
+
+### Frontend
+
+- Added adapter-level regression coverage in:
+  - `frontend/admin/src/services/service_adapters_additional.test.ts`
+- Coverage added for:
+  - `users.ts`
+  - `roles.ts`
+  - `devices.ts`
+  - `profile.ts`
+  - `login-logs.ts`
+  - `operation-logs.ts`
+  - `permissions.ts`
+  - `stats.ts`
+  - `import-export.ts`
+- During strict verification, `tsc -b` exposed two test-payload type mismatches in the new permission-service test data.
+  - These were fixed in the test code before final validation.
+
+### Backend
+
+- Added provider non-network tests in:
+  - `internal/auth/providers/provider_crypto_test.go`
+  - `internal/auth/providers/http_test.go` (expanded)
+- Newly covered provider logic includes:
+  - Alipay private-key parsing for raw PKCS#8 and PEM PKCS#1 input
+  - Alipay parameter signing and signature verification
+  - Twitter PKCE verifier/challenge/auth URL generation
+  - OAuth helper error handling for empty-body and long-body non-2xx responses
+
+## Verified Commands
+
+```powershell
+cd D:\project\frontend\admin
+npm.cmd run test:run -- src/services/service_adapters_additional.test.ts src/services/users.test.ts
+npm.cmd run lint
+npm.cmd run build
+npm.cmd run test:coverage
+
+cd D:\project
+$env:GOCACHE='D:\project\.tmp\gocache'
+$env:GOPATH='D:\project\.tmp\go'
+$env:GOMODCACHE='D:\project\.tmp\go\pkg\mod'
+go test ./internal/auth/providers -count=1
+go test ./internal/auth/providers ./internal/repository -cover
+go test ./... -count=1
+go vet ./...
+go build ./cmd/server
+```
+
+## Results
+
+### Frontend coverage
+
+- Overall:
+  - statements `52.05%`
+  - branches `42.86%`
+  - functions `51.84%`
+  - lines `52.69%`
+- Target areas:
+  - `services`: `86.2%` statements, `90.9%` branches
+  - `src/pages/admin/UsersPage/UsersPage.tsx`: `90.98%`
+  - `src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.tsx`: `70.17%`
+
+### Backend coverage
+
+- `internal/auth/providers`: `15.2%`
+- `internal/repository`: `37.1%`
+
+## Real Conclusion
+
+- This pass substantially reduced the frontend service-layer gap; that is no longer a primary blocker for `Q-004`.
+- `internal/auth/providers` improved again, but it is still materially under-covered.
+- `Q-004` still cannot be honestly declared closed.
+- The main remaining real gaps are now concentrated in:
+  - more untouched admin pages/components
+  - deeper provider token/user-info parsing and error branches that can still be exercised without live network calls