refactor: split server.proxy.test.js into 6 focused test modules by Copilot · Pull Request #3827 · github/gh-aw-firewall

Copilot · 2026-05-26T00:04:36Z

containers/api-proxy/server.proxy.test.js had grown to 1,711 lines covering 7 distinct test concerns across proxyWebSocket, proxyRequest, and token steering utilities — making navigation, parallel execution, and targeted test runs awkward.

Split

The file is deleted and replaced with six focused modules, each with its own self-contained module setup:

File	Tests	Responsibility
`server.websocket.test.js`	13	`proxyWebSocket` — request validation, CONNECT tunnel, auth injection
`server.proxy-headers.test.js`	6	X-Initiator injection, `tool_calls` normalisation
`server.anthropic-beta.test.js`	11	Deprecated beta header retry/learning/proactive-strip logic
`server.error-handling.test.js`	3	Client stream errors, upstream errors, proxy errors
`server.token-guards.test.js`	3	Effective token limit + max-runs 429 guards
`server.token-steering.test.js`	14	`getAndClearPendingSteeringMessage`, `injectSteeringMessage`, integration

Approach

Each file sets up its own beforeAll/afterAll loading only the symbols it needs from ./server and ./proxy-request, with jest.resetModules() guard for HTTPS_PROXY isolation.
The token-steering describe's inner beforeAll was hoisted to file scope and the duplicate guard-reset calls that resulted were deduplicated.
No production code changes. All 50 original test cases pass.

Split the 1,711-line server.proxy.test.js into focused modules: - server.websocket.test.js (~280 lines) — proxyWebSocket suite - server.proxy-headers.test.js (~130 lines) — X-Initiator + tool_calls - server.anthropic-beta.test.js (~530 lines) — anthropic deprecated beta - server.error-handling.test.js (~160 lines) — error handling tests - server.token-guards.test.js (~190 lines) — token guard tests - server.token-steering.test.js (~390 lines) — token steering utilities All 50 original test cases pass across the new files.

github-actions · 2026-05-26T00:47:13Z

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	96.54%	96.60%	📈 +0.06%
Statements	96.38%	96.44%	📈 +0.06%
Functions	97.99%	98.00%	📈 +0.01%
Branches	90.78%	90.88%	📈 +0.10%

📁 Per-file Coverage Changes (2 files)

File	Lines (Before → After)	Statements (Before → After)
`src/host-iptables-rules.ts`	97.0% → 97.7% (+0.68%)	97.0% → 97.7% (+0.67%)
`src/config-writer.ts`	89.3% → 90.9% (+1.65%)	89.3% → 90.9% (+1.65%)

Coverage comparison generated by scripts/ci/compare-coverage.ts

Copilot

Pull request overview

This PR refactors the API proxy test suite by splitting the previously monolithic containers/api-proxy/server.proxy.test.js into six focused Jest modules, improving navigability and allowing more targeted test runs without changing production behavior.

Changes:

Deleted server.proxy.test.js and redistributed its 50 test cases into 6 concern-specific test files.
Each new module performs its own isolated module/env setup (jest.resetModules() + HTTPS_PROXY handling) to avoid cross-test contamination.
Preserved coverage across WebSocket proxying, header sanitization, Anthropic beta retry behavior, error handling, token guards, and token steering.

Show a summary per file

File	Description
containers/api-proxy/server.proxy.test.js	Removed the 1,711-line combined test file in favor of focused modules.
containers/api-proxy/server.websocket.test.js	WebSocket upgrade validation + CONNECT tunneling + auth/header injection tests.
containers/api-proxy/server.proxy-headers.test.js	`x-initiator` injection and `tool_calls` normalization tests.
containers/api-proxy/server.anthropic-beta.test.js	Anthropic deprecated beta header retry/learning/proactive stripping tests.
containers/api-proxy/server.error-handling.test.js	Client/upstream stream error handling and metrics/log assertions.
containers/api-proxy/server.token-guards.test.js	Effective-token and max-runs 429 guard behavior tests.
containers/api-proxy/server.token-steering.test.js	Timeout/token steering message generation + body injection unit/integration tests.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Files reviewed: 7/7 changed files
Comments generated: 2

+    // Load a fresh proxyRequest that shares the same proxy-request module instance
+    // as the steering functions (assigned in the top-level beforeAll above).
+    // This ensures the same module instance handles both the threshold crossing
+    // and the body injection.


+      wsProxy(makeUpgradeReq(), socket, Buffer.alloc(0), 'api.openai.com', { 'Authorization': 'Bearer key' }, 'openai');
+
+      return new Promise(resolve => setTimeout(() => {
+        expect(socket.write).toHaveBeenCalledWith(expect.stringContaining('HTTP/1.1 502 Bad Gateway'));
+        expect(socket.destroy).toHaveBeenCalled();
+        resolve();
+      }, 30));
+    });


lpcox · 2026-05-26T02:18:29Z

@copilot address review feedback

Copilot · 2026-05-26T02:22:55Z

@copilot address review feedback

Addressed in d0373cc.

Updated the token-steering test comment to correctly describe re-requiring from the cached module instance.
Replaced the two fixed setTimeout(..., 30) waits in websocket tests with event-driven waits (error / secureConnect + setImmediate) to make timing deterministic.
Verified with: npx jest --verbose --ci server.websocket.test.js server.token-steering.test.js --runInBand.

github-actions · 2026-05-26T02:35:01Z

Smoke Test: Claude Engine ✅

✅ GitHub API: 2 recent PRs fetched (Refactor host-access port spec parsing to remove duplicate logic #3822, fix(api-proxy): prevent stream_options injection into OpenAI Responses API requests #3805)
✅ GitHub check: playwright_check PASS
✅ File verify: smoke-test-claude-26428636529.txt exists

Total: PASS

💥 [THE END] — Illustrated by Smoke Claude

github-actions · 2026-05-26T02:35:04Z

🧪 Smoke Test: Copilot BYOK (Offline) Mode

Test	Result
GitHub MCP (list PRs)	✅
GitHub.com connectivity	✅ (pre-step data unavailable — template vars unexpanded)
File write/read	✅ (pre-step data unavailable — template vars unexpanded)
BYOK inference (this response)	✅

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com

Overall: PASS · Author: @Copilot · Assignees: @lpcox, @Copilot

🔑 BYOK report filed by Smoke Copilot BYOK

github-actions · 2026-05-26T02:35:39Z

Disambiguate internal test-helper exports across six modules ✅\n- Remove unused src/services/agent-environment.ts barrel export ✅\n- GitHub reads ✅ · Playwright ✅ · file I/O ✅ · discussion ✅ · build ✅\n- Overall: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

github-actions · 2026-05-26T02:35:40Z

🔬 Smoke Test: API Proxy OpenTelemetry Tracing

Scenario	Result	Details
1. Module Loading	✅ Pass	`otel.js` loads successfully; exports: `startRequestSpan`, `setTokenAttributes`, `endSpan`, `endSpanError`, `shutdown`, `isEnabled` + internal symbols
2. Test Suite	✅ Pass	33/33 tests passed in `otel.test.js` (ProxyAwareOtlpExporter, FileSpanExporter, shutdown)
3. Env Var Forwarding	✅ Pass	`src/services/api-proxy-service.ts` forwards `OTEL_EXPORTER_OTLP_ENDPOINT`, `OTEL_EXPORTER_OTLP_HEADERS`, `GITHUB_AW_OTEL_TRACE_ID`, `GITHUB_AW_OTEL_PARENT_SPAN_ID` to the api-proxy container
4. Token Tracker Integration	✅ Pass	`onUsage` callback exists at line 237 and `onSpanEnd` at lines 185/234/279 in `token-tracker-http.js`
5. OTEL Diagnostics	✅ Pass	File fallback exporter writes to `/var/log/api-proxy/otel.jsonl`; OTLP export activates when `OTEL_EXPORTER_OTLP_ENDPOINT` is set

All 5 scenarios passed. OTEL tracing integration is fully functional.

📡 OTel tracing validated by Smoke OTel Tracing

github-actions · 2026-05-26T02:35:53Z

🔬 Smoke Test Results

Test	Status
GitHub MCP connectivity	✅
GitHub.com HTTP connectivity	✅
File write/read	✅

PR: refactor: split server.proxy.test.js into 6 focused test modules
Author: @Copilot | Assignees: @lpcox @Copilot

Overall: PASS ✅

📰 BREAKING: Report filed by Smoke Copilot

github-actions · 2026-05-26T02:36:39Z

Chroot Smoke Test Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌
Node.js	v24.15.0	v22.22.3	❌
Go	go1.22.12	go1.22.12	✅

Overall: ❌ Not all tests passed — Python and Node.js versions differ between host and chroot.

Tested by Smoke Chroot

github-actions · 2026-05-26T02:36:58Z

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	1/1 passed	✅ PASS
Go	env	✅	1/1 passed	✅ PASS
Go	uuid	✅	1/1 passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	All passed	✅ PASS
Node.js	execa	✅	All passed	✅ PASS
Node.js	p-limit	✅	All passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #3827 · sonnet46 1M · ◷

github-actions · 2026-05-26T02:38:43Z

Smoke Test Results

Redis (6379): ❌ host.docker.internal unreachable
PostgreSQL pg_isready (5432): ❌ host.docker.internal unreachable
PostgreSQL SELECT 1: ❌ host.docker.internal unreachable

Overall: FAIL — Service containers are not reachable from this runner environment. host.docker.internal does not resolve or is not routable.

🔌 Service connectivity validated by Smoke Services

github-actions · 2026-05-26T02:40:21Z

Smoke Test: Gemini Engine Validation

Review last 2 merged PRs: ❌ (Failed to list PRs: Missing tools/Unauthorized)
Connectivity to github.com: ❌ (Status 000: SSL routines::wrong version number)
File Writing Testing: ✅ (Passed)
Bash Tool Testing: ✅ (Passed)

Overall status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini

Initial plan

5bd88f6

Copilot AI assigned Copilot and lpcox May 26, 2026

Copilot started work on behalf of lpcox May 26, 2026 00:10 View session

Copilot AI linked an issue May 26, 2026 that may be closed by this pull request

[Refactoring] Split server.proxy.test.js into focused test modules #3777

Closed

Copilot AI changed the title ~~[WIP] Refactor server.proxy.test.js into focused test modules~~ refactor: split server.proxy.test.js into 6 focused test modules May 26, 2026

Copilot finished work on behalf of lpcox May 26, 2026 00:19

Copilot AI requested a review from lpcox May 26, 2026 00:19

lpcox marked this pull request as ready for review May 26, 2026 00:45

Copilot AI review requested due to automatic review settings May 26, 2026 00:45

Copilot started reviewing on behalf of lpcox May 26, 2026 00:46 View session