[Testing] Critical test coverage gaps — repositories, jetstream, OAuth handlers untested #17
Description
Review Finding: 4 — MEDIUM
7,000 lines of tests but concentrated in OAuth middleware, lexicon parsing, and config. The most complex, business-critical code is untested:
| Package | Risk Level |
|---|---|
internal/database/repositories |
High — core data layer untested |
internal/jetstream |
High — real-time data pipeline untested |
internal/server |
High — OAuth handlers are security-critical |
internal/database/migrations |
Medium — schema breakage risk |
internal/graphql/types |
Medium — type mapping edge cases |
internal/workers |
Low — simple cleanup logic |
Fix
Priority test targets:
- Repository tests — table-driven tests for all CRUD operations
- OAuth handler tests — full authorization flow, token exchange, refresh, revocation
- Jetstream consumer tests — mock WebSocket, test event processing and cursor tracking
- Migration tests — verify up/down migrations work cleanly
- Integration test — full flow: lexicon → GraphQL schema → query → response
From codebase review §4