(SP: 3) [Testing] Vitest config + unit + integration tests for quiz module

[LesiaUKR]

Week 6

Closes #197
Closes #198
Closes #199
Closes #205

Goal

Set up quiz testing foundation and achieve 90%+ coverage for critical quiz logic, hooks, API routes, and UI flow.

Scope

• Quiz test factories and setup utilities
• Unit tests for crypto, session, guest storage
• Integration tests for API routes, hooks, and UI flow

Changes

Setup / Infrastructure

• lib/tests/__mocks__/server-only.ts (server-only mock)
• lib/tests/factories/quiz/quiz.ts
• lib/tests/quiz/setup.ts
• lib/tests/quiz/quiz-setup.test.ts (9 tests)

Unit Tests

• lib/tests/quiz/quiz-crypto.test.ts (13 tests)
• lib/tests/quiz/quiz-session.test.ts (12 tests)
• lib/tests/quiz/use-quiz-session.test.ts (6 tests)
• lib/tests/quiz/guest-quiz.test.ts (5 tests)

Integration Tests

• lib/tests/quiz/verify-answer.test.ts (8 tests)
• lib/tests/quiz/quiz-anticheat.test.ts (10 tests)
• lib/tests/quiz/use-quiz-guards.test.ts (8 tests)
• lib/tests/quiz/guest-result-route.test.ts (5 tests)
• lib/tests/quiz/quiz-slug-route.test.ts (3 tests)
• components/quiz/tests/quiz-container-flow.test.tsx (1 test)

Test Metrics

Metric	Value
Test files	11
Total tests	80
Unit tests	36 (45%)
Integration tests	35 (44%)
Setup tests	9 (11%)
Line coverage (quiz scope)	90.94%

Coverage by Module

Module	Lines
quiz-crypto.ts	96.87%
useQuizSession.ts	100%
[slug]/route.ts	100%
verify-answer/route.ts	92.3%
useQuizGuards.ts	90.76%
guest-quiz.ts	90%
guest-result/route.ts	85.71%
quiz-session.ts	84%

Expected Impact

• 90%+ coverage for quiz module critical paths
• Regression protection for security (encryption, anti-cheat)
• Regression protection for UX (session persistence, guards)
• Solid foundation for future quiz features

Out of Scope

• Full E2E flows (Playwright)
• Database integration tests

Summary by CodeRabbit

• Tests
  • Added extensive quiz test coverage: anti-cheat, encryption/verification, session persistence, guest flows, API routes, hooks, and end-to-end quiz flow.
• Tests / Utilities
  • Introduced reusable test factories, environment setup, and localStorage mocks to simplify quiz tests.
• Chores
  • Enabled additional coverage reporting and ignored a new coverage output directory; added a test-coverage dev dependency.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[netlify]

✅ Deploy Preview for develop-devlovers ready!

Name	Link
🔨 Latest commit	786b33c
🔍 Latest deploy log	https://app.netlify.com/projects/develop-devlovers/deploys/6976554777523d0008eb820f
😎 Deploy Preview	https://deploy-preview-204--develop-devlovers.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds comprehensive quiz testing infrastructure: test factories, test environment utilities, vitest coverage config and devDependency, and ~13 new test files covering crypto, session persistence, anti-cheat, hooks, API routes, storage helpers, and a UI flow test.

Changes

Cohort / File(s)	Summary
Test Factories & Setup frontend/lib/tests/factories/quiz/quiz.ts, frontend/lib/tests/quiz/setup.ts	New quiz test factories (MockQuestion, MockQuizSession, factory helpers, deterministic counter) and test env utilities (TEST_ENCRYPTION_KEY, setup/cleanup, mock localStorage installable API).
Unit Tests — Utilities & Hooks frontend/lib/tests/quiz/quiz-crypto.test.ts, frontend/lib/tests/quiz/quiz-session.test.ts, frontend/lib/tests/quiz/quiz-anticheat.test.ts	New unit tests for encryption/decryption (tamper detection, base64), session save/load/expiry semantics, and anti-cheat hook event tracking and cleanup.
API Route Tests frontend/lib/tests/quiz/verify-answer.test.ts, frontend/lib/tests/quiz/guest-result-route.test.ts, frontend/lib/tests/quiz/quiz-slug-route.test.ts	Tests for POST /api/quiz/verify-answer, POST /api/quiz/guest-result, and GET /api/quiz/[slug] covering success, validation errors, not-found, and persistence flows with mocked DB/auth.
Hook & Integration Tests frontend/lib/tests/quiz/use-quiz-guards.test.ts, frontend/lib/tests/quiz/use-quiz-session.test.ts	Tests for navigation guards, beforeunload handling, external-nav flows, session restore/clear/save behavior, and interactions with persistence helpers.
Storage & Setup Validation frontend/lib/tests/quiz/guest-quiz.test.ts, frontend/lib/tests/quiz/quiz-setup.test.ts	Tests for guest-result localStorage helpers, TTL/invalid JSON handling, factory outputs, encryption key setup/cleanup, and mock localStorage behavior.
UI Flow Test frontend/components/quiz/tests/quiz-container-flow.test.tsx	End-to-end style test for quiz container: rules → start → answer selection → verify API call → transition to guest login, with multiple mocks (i18n, anti-cheat, toasts, submission).
Config & DevDependencies frontend/vitest.config.ts, frontend/package.json, frontend/.gitignore	Vitest test include extended and coverage section added (provider: v8, reporters text/html, include globs), @vitest/coverage-v8 added to devDependencies, and /coverage-quiz ignored in .gitignore.

Sequence Diagram(s)

(Skipped — changes are test additions and utilities; no new multi-component runtime control flow introduced that requires diagramming.)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related PRs

• (SP: 10) [Frontend] Quiz flow: Security encryption + session persistence + UX fixes #131 — Related: adds similar quiz test factories and comprehensive tests for crypto, session, and verify-answer flows.
• perf(quiz,points): optimize queries, fix points logic, add quiz seeding #104 — Related: touches guest-result API and quiz attempt handling which these tests exercise.
• Sl/feat/quiz #70 — Related: introduces guest-quiz handling and guest-result behavior targeted by new tests.

Suggested reviewers

• AM1007
• ViktorSvertoka

Poem

🐰
I hopped through mocks and keys so bright,
Built quizzes for the testing night,
Encrypting answers, sessions kept,
Guards and routes and flows well-stepped,
Now coverage blooms — a carrot light. 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 44.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the main change: adding Vitest configuration and comprehensive unit/integration tests for the quiz module, which aligns with all changes in the PR.
Linked Issues check	✅ Passed	The PR fully addresses all linked issues (#197, #198, #199, #205): Vitest config with v8 coverage [#197], unit tests for crypto/session utilities [#198], integration tests for API/hooks [#199], and expanded coverage to 90%+ with hooks/API/UI tests [#205].
Out of Scope Changes check	✅ Passed	All changes are in-scope: test files (factories, unit/integration tests), test configuration (vitest.config, setup utilities), test infrastructure (coverage, gitignore), and dependencies (@vitest/coverage-v8) directly support testing objectives.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

frontend/package.json (1)

67-77: Fix peer dependency mismatch: @vitest/coverage-v8@4.0.18 requires vitest@4.0.18.

@vitest/coverage-v8 declares pinned peer dependencies (exact version match). The current setup violates this: @vitest/coverage-v8@4.0.18 expects vitest@4.0.18, not 4.0.16.

Choose one:

• Downgrade @vitest/coverage-v8 to ^4.0.16 to match vitest
• Upgrade vitest to ^4.0.18 to match the coverage package

Option 1: Downgrade coverage package

-    "@vitest/coverage-v8": "^4.0.18",
+    "@vitest/coverage-v8": "^4.0.16",

Option 2: Upgrade vitest

-    "vitest": "^4.0.16"
+    "vitest": "^4.0.18"

🤖 Fix all issues with AI agents

In `@frontend/lib/tests/quiz/setup.ts`:
- Around line 7-8: Replace the hardcoded high-entropy TEST_ENCRYPTION_KEY value
with a clearly labeled low-entropy test key (e.g., "test-key-000") or add a
Gitleaks allowlist comment immediately above TEST_ENCRYPTION_KEY to mark it as a
non-secret test artifact; update the exported constant TEST_ENCRYPTION_KEY in
frontend/lib/tests/quiz/setup.ts accordingly and ensure the comment states it's
intentionally non-sensitive for tests so static scanners will ignore it.

🧹 Nitpick comments (7)

frontend/lib/tests/quiz/setup.ts (1)

14-24: Restore prior QUIZ_ENCRYPTION_KEY after tests.
Current cleanup deletes any preexisting value, which can break other suites.

♻️ Preserve and restore prior env value

+let previousQuizEncryptionKey: string | undefined;
+
 export function setupQuizTestEnv(): void {
-  process.env.QUIZ_ENCRYPTION_KEY = TEST_ENCRYPTION_KEY;
+  previousQuizEncryptionKey = process.env.QUIZ_ENCRYPTION_KEY;
+  process.env.QUIZ_ENCRYPTION_KEY = TEST_ENCRYPTION_KEY;
 }
 
 export function cleanupQuizTestEnv(): void {
-  delete process.env.QUIZ_ENCRYPTION_KEY;
+  if (typeof previousQuizEncryptionKey === 'undefined') {
+    delete process.env.QUIZ_ENCRYPTION_KEY;
+  } else {
+    process.env.QUIZ_ENCRYPTION_KEY = previousQuizEncryptionKey;
+  }
+  previousQuizEncryptionKey = undefined;
 }

frontend/lib/tests/factories/quiz/quiz.ts (1)

65-71: Use a single timestamp for deterministic sessions.
Minor, but helps avoid flaky assertions if tests compare fields.

♻️ Suggested change

 export function createMockQuizSession(
   overrides?: Partial<MockQuizSession>
 ): MockQuizSession {
+  const now = Date.now();
   return {
     status: 'in_progress',
     currentIndex: 0,
     answers: [],
     questionStatus: 'answering',
     selectedAnswerId: null,
-    startedAt: Date.now(),
-    savedAt: Date.now(),
+    startedAt: now,
+    savedAt: now,
     ...overrides,
   };
 }

frontend/lib/tests/quiz/quiz-anticheat.test.ts (3)

75-99: Consider adding a test for tab becoming visible again.

The test verifies isTabActive becomes false when the tab is hidden, but there's no test verifying it returns to true when the tab becomes visible again. This would complete the visibility change coverage.

📝 Suggested additional test case

it('sets isTabActive back to true when tab becomes visible', () => {
  const { result } = renderHook(() => useAntiCheat(true));

  // Hide tab
  Object.defineProperty(document, 'hidden', { value: true, writable: true, configurable: true });
  act(() => {
    document.dispatchEvent(new Event('visibilitychange'));
  });
  expect(result.current.isTabActive).toBe(false);

  // Show tab
  Object.defineProperty(document, 'hidden', { value: false, writable: true, configurable: true });
  act(() => {
    document.dispatchEvent(new Event('visibilitychange'));
  });
  expect(result.current.isTabActive).toBe(true);
});

---

113-125: Consider verifying showWarning resets after timeout.

The test verifies showWarning becomes true on violation, but doesn't verify it returns to false after the 3000ms timeout. Since fake timers are already set up, this would be straightforward to add.

📝 Suggested enhancement

     it('sets showWarning to true when violation occurs', () => {
         const { result } = renderHook(() => useAntiCheat(true));

         expect(result.current.showWarning).toBe(false);

         act(() => {
             document.dispatchEvent(new Event('copy'));
         });

         expect(result.current.showWarning).toBe(true);
+
+        act(() => {
+            vi.advanceTimersByTime(3000);
+        });
+
+        expect(result.current.showWarning).toBe(false);
     });
-

---

51-61: Minor: Consider consistent toast verification across event tests.

The copy event test (line 48) verifies toast.warning was called with the expected message, but the paste and context-menu tests don't include this verification. Consider adding toast assertions for consistency, or removing from the copy test if comprehensive toast coverage isn't needed.

frontend/lib/tests/quiz/verify-answer.test.ts (2)

55-74: Consider making wrong answer selection more robust.

Line 61 assumes questions[0].answers[1] is always wrong, which depends on the factory implementation detail that the correct answer is at index 0. This could break silently if the factory changes.

📝 More robust wrong answer selection

     it('returns isCorrect: false for wrong answer', async () => {
       const questions = createMockQuestions(3);
       const correctAnswersMap = createCorrectAnswersMap(questions);
       const encryptedAnswers = encryptAnswers(correctAnswersMap);

       const questionId = questions[0].id;
-      const wrongAnswerId = questions[0].answers[1].id; // second answer is wrong
+      const correctAnswerId = correctAnswersMap[questionId];
+      const wrongAnswer = questions[0].answers.find(a => a.id !== correctAnswerId);
+      const wrongAnswerId = wrongAnswer!.id;

       const request = createVerifyRequest({
         questionId,
         answerId: wrongAnswerId,
         encryptedAnswers,
       });

---

95-108: Consider adding error message assertion.

The test for missing answerId only checks the status code but doesn't verify the error message like the questionId test does (line 92). Consider adding the assertion for consistency.

📝 Suggested enhancement

       const response = await POST(request);
+      const data = await response.json();

       expect(response.status).toBe(400);
+      expect(data.error).toBe('Missing required fields');
     });

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Gitleaks likely to fail on hardcoded key.
Static analysis already flagged this; CI may block. Use an allowlist comment or a low‑entropy test key.

✅ Safer test key (low‑entropy)

-export const TEST_ENCRYPTION_KEY =
-  'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2';
+export const TEST_ENCRYPTION_KEY =
+  '0000000000000000000000000000000000000000000000000000000000000000';

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	export const TEST_ENCRYPTION_KEY =
	'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2';
	export const TEST_ENCRYPTION_KEY =
	'0000000000000000000000000000000000000000000000000000000000000000';

🧰 Tools

🪛 Gitleaks (8.30.0)

[high] 7-8: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🤖 Prompt for AI Agents

In `@frontend/lib/tests/quiz/setup.ts` around lines 7 - 8, Replace the hardcoded
high-entropy TEST_ENCRYPTION_KEY value with a clearly labeled low-entropy test
key (e.g., "test-key-000") or add a Gitleaks allowlist comment immediately above
TEST_ENCRYPTION_KEY to mark it as a non-secret test artifact; update the
exported constant TEST_ENCRYPTION_KEY in frontend/lib/tests/quiz/setup.ts
accordingly and ensure the comment states it's intentionally non-sensitive for
tests so static scanners will ignore it.

[coderabbitai]

Actionable comments posted: 5

🤖 Fix all issues with AI agents

In `@frontend/coverage-quiz/app/api/quiz/guest-result/index.html`:
- Around line 1-116: Remove the committed Istanbul-generated coverage HTML
(app/api/quiz/guest-result/index.html) and other generated coverage directories,
add an appropriate ignore rule like coverage-quiz/ or **/coverage*/ to
.gitignore, commit the removal and updated .gitignore, and (optionally) wire
coverage reporting into CI (e.g., Codecov/Coveralls) instead of committing
coverage artifacts.

In `@frontend/coverage-quiz/base.css`:
- Around line 5-9: The CSS for the body selector contains duplicate font names
and redundant properties causing Biome duplicate-property warnings; update the
body rule in base.css (the "body" selector) to use a deduplicated, standardized
font-family string (e.g., remove repeated entries so only "Helvetica Neue,
Helvetica, Arial, sans-serif" remains) and remove or consolidate any repeated
properties (like duplicate color or font-size declarations) elsewhere in the
file (also check the other affected blocks around lines referenced) so each
property appears only once per selector or exclude coverage-quiz/** from linting
if these are generated assets.

In `@frontend/coverage-quiz/block-navigation.js`:
- Around line 24-29: toggleClass currently calls
missingCoverageElements.item(currentIndex).classList.remove(...) but
currentIndex can be undefined on first navigation, causing a null reference;
update toggleClass (and/or initialization of currentIndex) to guard the removal
by checking that missingCoverageElements.item(currentIndex) is non-null before
calling .classList.remove, then perform the .classList.add on
missingCoverageElements.item(index) and set currentIndex = index; alternatively
ensure currentIndex is initialized to a valid integer before toggleClass is ever
invoked. Use the function name toggleClass and the variables currentIndex and
missingCoverageElements.item(...) to locate and apply the guard.
- Around line 41-63: Both navigation functions (goToPrevious and goToNext) call
makeCurrent(0) when missingCoverageElements is empty, which leads to makeCurrent
attempting to access missingCoverageElements.item(0) and crashing; fix by adding
an early guard in each function (or a shared check before navigation) that
returns immediately if missingCoverageElements.length === 0 so makeCurrent is
never called on an empty list, leaving existing index logic unchanged.

In `@frontend/lib/tests/quiz/use-quiz-guards.test.ts`:
- Around line 148-160: The test's final assertion is not being invoked because
the matcher is referenced as a property; in the test using useQuizGuards(),
replace the incorrect ".toBeNull" with a call ".toBeNull()" so the assertion
runs; update the assertion that checks
sessionStorage.getItem(getQuizReloadKey(params.quizId)) in the test that calls
result.current.markQuitting() to use .toBeNull() (referencing getQuizReloadKey,
useQuizGuards, and markQuitting to locate the test).

♻️ Duplicate comments (7)

frontend/coverage-quiz/app/api/quiz/verify-answer/index.html (1)

1-116: Auto-generated coverage file — same concern as above.

This file should be excluded from version control along with the rest of the coverage-quiz/ directory.

frontend/coverage-quiz/app/api/quiz/[slug]/index.html (1)

1-116: Auto-generated coverage file — same concern as above.

This file should be excluded from version control along with the rest of the coverage-quiz/ directory.

frontend/coverage-quiz/hooks/index.html (1)

1-131: Auto-generated coverage file — same concern as above.

This file should be excluded from version control along with the rest of the coverage-quiz/ directory.

frontend/coverage-quiz/lib/quiz/guest-quiz.ts.html (1)

1-244: Auto-generated coverage file — same concern as above.

This file should be excluded from version control along with the rest of the coverage-quiz/ directory. Note that this file also embeds source code, making it redundant with the actual source files.

frontend/coverage-quiz/hooks/useQuizGuards.ts.html (1)

1-430: Auto-generated coverage file — same concern as above.

This file should be excluded from version control along with the rest of the coverage-quiz/ directory.

frontend/coverage-quiz/lib/quiz/quiz-session.ts.html (1)

1-283: Auto-generated coverage report - same concern as other coverage files.

This is another Istanbul coverage artifact that should not be committed. See the comment on quiz-crypto.ts.html for details.

frontend/coverage-quiz/hooks/useQuizSession.ts.html (1)

1-313: Auto-generated coverage report - same concern as other coverage files.

This is another Istanbul coverage artifact that should not be committed. See the comment on quiz-crypto.ts.html for details.

🧹 Nitpick comments (9)

frontend/vitest.config.ts (1)

16-22: Consider adding components/quiz source files to the coverage configuration with explicit file extensions.

UI tests are configured to run under components/quiz/tests, but coverage.include currently omits those component source files, so coverage metrics won't be collected for them. Additionally, Vitest v4 recommends including file extensions in coverage globs for clarity and to avoid inadvertently capturing non-source files.

✅ Suggested update

     coverage: {
       provider: 'v8',
       reporter: ['text', 'html'],
-      include: ['lib/quiz/**', 'hooks/**', 'app/api/quiz/**'],
+      include: ['lib/quiz/**/*.ts', 'hooks/**/*.ts', 'app/api/quiz/**/*.ts', 'components/quiz/**/*.tsx'],
     },

frontend/coverage-quiz/block-navigation.js (1)

74-84: event.which is deprecated.

event.which is deprecated in favor of event.key. Consider updating for better compatibility with modern browsers.

♻️ Suggested refactor using event.key

-switch (event.which) {
-    case 78: // n
-    case 74: // j
-        goToNext();
-        break;
-    case 66: // b
-    case 75: // k
-    case 80: // p
-        goToPrevious();
-        break;
-}
+switch (event.key.toLowerCase()) {
+    case 'n':
+    case 'j':
+        goToNext();
+        break;
+    case 'b':
+    case 'k':
+    case 'p':
+        goToPrevious();
+        break;
+}

frontend/coverage-quiz/sorter.js (2)

84-86: Consider using DOM methods instead of innerHTML concatenation.

While this code operates on trusted Istanbul-generated content, using innerHTML concatenation can be a code smell. A safer pattern uses DOM methods.

♻️ Safer alternative using DOM methods

 if (col.sortable) {
     col.defaultDescSort = col.type === 'number';
-    colNode.innerHTML =
-        colNode.innerHTML + '<span class="sorter"></span>';
+    var sorterSpan = document.createElement('span');
+    sorterSpan.className = 'sorter';
+    colNode.appendChild(sorterSpan);
 }

---

189-193: Legacy IE compatibility check may be unnecessary.

The attachEvent fallback (line 192) is for IE8 and earlier, which are no longer supported by modern tooling. If IE8 support is not required, this can be simplified.

♻️ Simplified without IE8 fallback

-if (el.addEventListener) {
-    el.addEventListener('click', ithSorter(i));
-} else {
-    el.attachEvent('onclick', ithSorter(i));
-}
+el.addEventListener('click', ithSorter(i));

frontend/coverage-quiz/index.html (1)

167-171: window.onload assignment may conflict with other scripts.

Direct assignment to window.onload overwrites any previously assigned handlers. Since sorter.js uses addEventListener('load', ...), there's no conflict in this specific case, but this pattern can cause issues if scripts are reordered.

♻️ Safer pattern using addEventListener

-<script>
-    window.onload = function () {
-        prettyPrint();
-    };
-</script>
+<script>
+    window.addEventListener('load', function () {
+        prettyPrint();
+    });
+</script>

frontend/coverage-quiz/app/api/quiz/verify-answer/route.ts.html (1)

1-232: Coverage HTML artifacts should not be committed to the repository.

These auto-generated Istanbul coverage reports are currently tracked in frontend/coverage-quiz/, even though .gitignore has a /coverage rule at the root level (which doesn't match the frontend/coverage-quiz/ subdirectory). Coverage artifacts typically should be:

• Generated during CI/CD and published as build artifacts
• Uploaded to a coverage service (Codecov, Coveralls, etc.)
• Added to .gitignore to prevent bloating the repository

Consider either adding frontend/coverage-quiz/ to .gitignore or removing this directory if it was committed unintentionally. Alternatively, generate these reports dynamically via a coverage reporting service instead of committing them.

frontend/lib/tests/quiz/use-quiz-guards.test.ts (1)

64-83: Consider using a more realistic external URL for clarity.

The test uses javascript:void(0) as the external link href. While this technically works (it doesn't contain the current pathname), using a realistic external URL like https://example.com would make the test's intent clearer and better represent real-world scenarios.

Suggested improvement

-    link.setAttribute('href', 'javascript:void(0)');
+    link.setAttribute('href', 'https://example.com');

frontend/lib/tests/quiz/use-quiz-session.test.ts (1)

46-49: Consider adding afterEach with vi.restoreAllMocks() for consistency.

The sibling test file use-quiz-guards.test.ts includes an afterEach hook with vi.restoreAllMocks(). Adding the same here ensures mock cleanup consistency across test files and prevents potential test pollution.

Suggested improvement

   beforeEach(() => {
     sessionStorage.clear();
     vi.clearAllMocks();
   });
 
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
 
   it('restores session on reload', async () => {

frontend/coverage-quiz/lib/quiz/quiz-crypto.ts.html (1)

1-331: Remove coverage reports from source control and add to .gitignore.

The frontend/coverage-quiz/ directory containing auto-generated Istanbul coverage HTML reports is currently tracked in git. These artifacts should not be committed as they:

• Are auto-generated and can be recreated from source
• Bloat the repository with 22+ static files
• Create unnecessary noise in diffs

The current .gitignore has /coverage at root level, but this does not exclude frontend/coverage-quiz/. Add frontend/coverage-quiz/ to .gitignore to prevent future commits of coverage reports.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Potential null reference on first navigation.

When toggleClass is first called, currentIndex is undefined, so missingCoverageElements.item(currentIndex) returns null, causing a crash on .classList.remove().

🐛 Proposed fix

 function toggleClass(index) {
-    missingCoverageElements
-        .item(currentIndex)
-        .classList.remove('highlighted');
+    if (typeof currentIndex === 'number') {
+        missingCoverageElements
+            .item(currentIndex)
+            .classList.remove('highlighted');
+    }
     missingCoverageElements.item(index).classList.add('highlighted');
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	function toggleClass(index) {
	missingCoverageElements
	.item(currentIndex)
	.classList.remove('highlighted');
	missingCoverageElements.item(index).classList.add('highlighted');
	}
	function toggleClass(index) {
	if (typeof currentIndex === 'number') {
	missingCoverageElements
	.item(currentIndex)
	.classList.remove('highlighted');
	}
	missingCoverageElements.item(index).classList.add('highlighted');
	}

🤖 Prompt for AI Agents

In `@frontend/coverage-quiz/block-navigation.js` around lines 24 - 29, toggleClass
currently calls missingCoverageElements.item(currentIndex).classList.remove(...)
but currentIndex can be undefined on first navigation, causing a null reference;
update toggleClass (and/or initialization of currentIndex) to guard the removal
by checking that missingCoverageElements.item(currentIndex) is non-null before
calling .classList.remove, then perform the .classList.add on
missingCoverageElements.item(index) and set currentIndex = index; alternatively
ensure currentIndex is initialized to a valid integer before toggleClass is ever
invoked. Use the function name toggleClass and the variables currentIndex and
missingCoverageElements.item(...) to locate and apply the guard.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Missing bounds check for empty element list.

If missingCoverageElements is empty (no uncovered blocks), both goToPrevious and goToNext will call makeCurrent(0), which then calls missingCoverageElements.item(0) returning null and causing a crash.

🐛 Proposed fix - add early return

 function goToPrevious() {
+    if (missingCoverageElements.length === 0) {
+        return;
+    }
     var nextIndex = 0;
     // ...
 }

 function goToNext() {
+    if (missingCoverageElements.length === 0) {
+        return;
+    }
     var nextIndex = 0;
     // ...
 }

🤖 Prompt for AI Agents

In `@frontend/coverage-quiz/block-navigation.js` around lines 41 - 63, Both
navigation functions (goToPrevious and goToNext) call makeCurrent(0) when
missingCoverageElements is empty, which leads to makeCurrent attempting to
access missingCoverageElements.item(0) and crashing; fix by adding an early
guard in each function (or a shared check before navigation) that returns
immediately if missingCoverageElements.length === 0 so makeCurrent is never
called on an empty list, leaving existing index logic unchanged.