Testing

Local gate

Run the full local gate before opening or updating a release pull request:

    npm ci
    npm run format:check
    npm run lint
    npm run check:dead-code
    npm run test:coverage
    npm run test:fuzz
    npm run build
    npm run test:e2e
    npm audit --audit-level=moderate
    npm run check:install-scripts
    npm pack --dry-run
    npm run check:package-size
    node scripts/check-version-sync.mjs
    node scripts/validate-mcp-metadata.mjs
    npm run check:security-policy

Run the e2e stdio flow after building:

    npm run build
    npm run test:e2e

Run deterministic property-based regression tests for import payloads, search normalization, HTTP allowlist validation, and redaction:

    npm run test:fuzz
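An example of a deterministic property-based test for HTTP allowlist validation, added here as an illustration and not taken from this project's test suite. The validator `isAllowedOrigin`, the allowlist entries, the mutation set, and the seed are assumptions; the seeded PRNG is what makes a failure reproducible from its seed and iteration number.

```javascript
// Added example; every name here is hypothetical, not this project's API.
function mulberry32(seed) { // seeded PRNG: the same seed always yields the same cases
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Validator under test: exact match on the parsed origin, never a substring match.
function isAllowedOrigin(value, allowlist) {
  let url;
  try { url = new URL(value); } catch { return false; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  if (url.username || url.password) return false; // host must not hide behind userinfo
  return allowlist.includes(url.origin);
}

const ALLOWLIST = ['https://app.example.test', 'http://localhost:3000']; // constructed
function label(rand) { // random lowercase DNS label, 3 to 7 characters
  const n = 3 + Math.floor(rand() * 5);
  return Array.from({ length: n }, () => String.fromCharCode(97 + Math.floor(rand() * 26))).join('');
}

// Each mutation returns [candidate, expected verdict] for an allowlisted base URL.
const MUTATIONS = [
  (u) => [`${u.protocol}//${u.host.toUpperCase()}`, true], // host case is not significant
  (u) => [`${u.origin}/`, true], // trailing slash
  (u, r) => [`${u.protocol}//${label(r)}${u.host}`, false], // prefixed lookalike
  (u, r) => [`${u.protocol}//${u.hostname}.${label(r)}.invalid`, false], // suffixed lookalike
  (u, r) => [`${u.protocol}//${u.host}@${label(r)}.invalid`, false], // allowlisted name as userinfo
  (u) => [`${u.protocol === 'https:' ? 'http:' : 'https:'}//${u.host}`, false], // scheme swap
  (u, r) => [`${u.protocol}//${u.hostname}:${1024 + Math.floor(r() * 1000)}`, false], // other port
];

// Returns every case where the validator disagrees with the expected verdict.
function runFuzz(seed, iterations) {
  const rand = mulberry32(seed);
  const failures = [];
  for (let i = 0; i < iterations; i++) {
    const base = new URL(ALLOWLIST[Math.floor(rand() * ALLOWLIST.length)]);
    const [candidate, expected] = MUTATIONS[Math.floor(rand() * MUTATIONS.length)](base, rand);
    if (isAllowedOrigin(candidate, ALLOWLIST) !== expected) failures.push({ seed, i, candidate, expected });
  }
  return failures;
}
console.log(runFuzz(20240101, 1000)); // [] when every property holds
```

Pinning the seed in the regression suite keeps CI runs identical; a new failing case is reported with the seed and iteration index needed to replay it.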

Run the package hygiene checks whenever exports, scripts, package metadata, or the files allowlist changes:

    npm run check:dead-code
    npm run check:package-size

Run the Docker gate when the Dockerfile or HTTP runtime changes:

    docker build -t debug-recorder-mcp:local .

Coverage focus

The unit suite covers:

normalization, HTTP allowlists, and redaction

CI enforces coverage thresholds, e2e flow coverage, deterministic fuzz regression tests, dead-code checks, dependency audit, install-script approval checks, package dry run, package size checks, version synchronization, MCP metadata validation, SBOM/VEX policy invariant checks, workflow linting, workflow security scanning, secret scanning, Trivy, CodeQL, and scheduled OpenSSF Scorecard.