# 2026-03-27 Q-004 Coverage Remediation Pass 4

## Scope

- Continue remediating the remaining real `Q-004` gaps after Pass 3.
- This pass focused on:
  - low-coverage frontend service adapters
  - deeper non-network `internal/auth/providers` branches

## Changes

### Frontend

- Added adapter-level regression coverage in:
  - `frontend/admin/src/services/service_adapters_additional.test.ts`
- Coverage added for:
  - `users.ts`
  - `roles.ts`
  - `devices.ts`
  - `profile.ts`
  - `login-logs.ts`
  - `operation-logs.ts`
  - `permissions.ts`
  - `stats.ts`
  - `import-export.ts`
- During strict verification, `tsc -b` exposed two test-payload type mismatches in the new permission-service test data.
  - These were fixed in the test code before final validation.

### Backend

- Added provider non-network tests in:
  - `internal/auth/providers/provider_crypto_test.go`
  - `internal/auth/providers/http_test.go` (expanded)
- Newly covered provider logic includes:
  - Alipay private-key parsing for raw PKCS#8 and PEM PKCS#1 input
  - Alipay parameter signing and signature verification
  - Twitter PKCE verifier/challenge/auth URL generation
  - OAuth helper error handling for empty-body and long-body non-2xx responses

## Verified Commands

```powershell
cd D:\project\frontend\admin
npm.cmd run test:run -- src/services/service_adapters_additional.test.ts src/services/users.test.ts
npm.cmd run lint
npm.cmd run build
npm.cmd run test:coverage

cd D:\project
$env:GOCACHE='D:\project\.tmp\gocache'
$env:GOPATH='D:\project\.tmp\go'
$env:GOMODCACHE='D:\project\.tmp\go\pkg\mod'
go test ./internal/auth/providers -count=1
go test ./internal/auth/providers ./internal/repository -cover
go test ./... -count=1
go vet ./...
go build ./cmd/server
```

## Results

### Frontend coverage

- Overall:
  - statements `52.05%`
  - branches `42.86%`
  - functions `51.84%`
  - lines `52.69%`
- Target areas:
  - `services`: `86.2%` statements, `90.9%` branches
  - `src/pages/admin/UsersPage/UsersPage.tsx`: `90.98%`
  - `src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.tsx`: `70.17%`

### Backend coverage

- `internal/auth/providers`: `15.2%`
- `internal/repository`: `37.1%`

## Real Conclusion

- This pass substantially reduced the frontend service-layer gap; that is no longer a primary blocker for `Q-004`.
- `internal/auth/providers` improved again, but it is still materially under-covered.
- `Q-004` still cannot be honestly declared closed.
- The main remaining real gaps are now concentrated in:
  - more untouched admin pages/components
  - deeper provider token/user-info parsing and error branches that can still be exercised without live network calls