What the public coverage badge measures

Dokima publishes a public test-coverage badge on the project README. The badge measures the OSS engine surface — every Rust file under crates/dokima-*/ plus the model-security-stubs crate that ships in the public repo. At the most recent measurement (April 2026) the public coverage figure sits at roughly 85 percent line coverage across the workspace; the gaps are concentrated in infrastructure code (cache layer, persistent store, HTTP client retry paths) where adequate test coverage requires testcontainer fixtures that the standing CI sweep does not currently spin up.

The badge does NOT measure the private detection layer. Per the open-core split documented on the Dim 4 page (the three monitored hijacking signature classes) and the Dim 5 page (the curated probability-metric vocabulary), the production binary path-overrides into a separate private crate (model-security-core) that holds the real signature implementations, the curated benchmark vocabulary, and the calibrated heuristics. That crate's source lives in a separate repository; its tests run against its own coverage measurement; the operator reviews it monthly. The public badge cannot reflect that coverage because the source is not in this repository.

The honest framing: the public badge measures the engine; the private layer is separately covered. A single combined-coverage number is an end-state Dokima will move to once revenue funds the codecov private-repo integration that lets both measurements appear under one umbrella. Until then, the disclosure here exists so a reader of this page knows exactly what the badge counts and what it does not.

This is the same posture as the malware-tag coverage gap on the Dim 1 page and the partial-schema disclosure on the Dim 5 page. Trust requires knowing what each signal does and does not cover.