ci(coverage): enforce 80% coverage thresholds across all language stacks

[WilliamBerryiii]

OSSF Silver Criterion

test_statement_coverage80 (MUST) — The project MUST have at least 80% statement coverage from tests.

Description

Establish an umbrella coverage enforcement strategy requiring 80% statement coverage across all imperative language stacks. Individual stack coverage is partially addressed by Passing badge issues (#140 for JavaScript vitest, #155 for Rust), but Silver requires a coordinated 80% standard across all languages with CI enforcement.

The repository contains imperative code in Rust, JavaScript/TypeScript, PowerShell, and Python. Terraform is excluded — OSSF test_statement_coverage80 specifies "statement coverage" for imperative code with countable executable statements; declarative IaC has no standard definition for this metric.

Acceptance Criteria

• Coverage tools configured per stack:
  • Rust: cargo-tarpaulin or cargo-llvm-cov (builds on ci(rust-coverage): add Rust code coverage reporting #155)
  • JavaScript/TypeScript: vitest coverage (builds on ci(coverage): add coverage thresholds to frontend vitest configuration #140)
  • PowerShell: Pester code coverage
  • Python: coverage.py / pytest-cov
• 80% statement coverage threshold enforced in CI for imperative code stacks
• CI fails on coverage regression below 80%
• Coverage reports are aggregated or linked in PR checks
• Coverage badges or metrics are visible in README or CI dashboard

Implementation Guidance

This is a multi-sprint effort. Suggested progression:

1. Phase 1: Establish coverage baselines for all stacks (measure current state)
2. Phase 2: Set initial thresholds (start at current baseline, ratchet up to 80%)
3. Phase 3: Enforce 80% in CI with failure on regression

Per-stack tooling:

Stack	Tool	CI Integration
Rust	cargo-tarpaulin	GitHub Actions step
JS/TS	vitest --coverage	GitHub Actions step (#140)
PowerShell	Pester -CodeCoverage	GitHub Actions step
Python	pytest-cov	GitHub Actions step

Reaching 80% across 10 independent Rust crates (each requiring its own cargo-tarpaulin configuration and test suite) is a multi-sprint effort spanning weeks to months.

References

• Related: ci(coverage): add coverage thresholds to frontend vitest configuration #140 (JavaScript vitest coverage), ci(rust-coverage): add Rust code coverage reporting #155 (Rust coverage)
• Research: .copilot-tracking/research/2026-02-07-ossf-silver-gaps-detail-research.md — test_statement_coverage80

Relationships

• Builds on ci(coverage): add coverage thresholds to frontend vitest configuration #140 and ci(rust-coverage): add Rust code coverage reporting #155
• ci(lint): add per-crate Rust clippy lints and CI integration #169 (Rust clippy) shares Rust toolchain investment
• IS018 tracks this issue