Add CI coverage gate with --cov-fail-under to prevent regressions

## Summary
CI reports coverage, but it does not fail when coverage drops. This allows silent coverage regressions.

## Proposal
- Add a coverage gate with `--cov-fail-under=90`.
- Run this gate in one dedicated CI job (for example: Ubuntu + Python 3.12) to limit matrix cost.
- Keep the existing test matrix for compatibility checks.

## Trade-offs / Limits
- A coverage gate can slow development by adding CI friction (extra failures/retries, more test maintenance for refactors).
- Coverage is not a safety guarantee: a high percentage does not prove correctness, security, or absence of critical logic bugs.

## Acceptance criteria
- CI fails when coverage is below 90%.
- The threshold is defined in repository config (`tox.ini` and/or `pyproject.toml`).
- Coverage regressions are blocked before merge.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add CI coverage gate with --cov-fail-under to prevent regressions #401

Summary

Proposal

Trade-offs / Limits

Acceptance criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add CI coverage gate with --cov-fail-under to prevent regressions #401

Description

Summary

Proposal

Trade-offs / Limits

Acceptance criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions