Stop keyword leakage in api-proxy-env-constants export surface#5681
Conversation
api-proxy-env-constants export surface
There was a problem hiding this comment.
Pull request overview
This pull request adjusts how OIDC_AUTH_ENV_MAPPING is declared/exported in src/api-proxy-env-constants.ts to prevent TypeScript syntax artifacts (e.g., satisfies, ReadonlyArray) from being misattributed as part of the module’s public export surface by export-audit tooling, without changing runtime behavior or consumer import paths.
Changes:
- Convert
OIDC_AUTH_ENV_MAPPINGfrom an inlineexport const ... = ... satisfies ...declaration to a localconstwith the samesatisfies ReadonlyArray<...>constraint. - Add an explicit named export
export { OIDC_AUTH_ENV_MAPPING };after the declaration to keep the exported API intact. - Keep
OIDC_AUTH_ENV_VARSderived from the mapping as before.
Show a summary per file
| File | Description |
|---|---|
| src/api-proxy-env-constants.ts | Restructures the OIDC_AUTH_ENV_MAPPING export to avoid TypeScript keyword/type leakage in export-surface auditing while preserving runtime exports. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 0
- Review effort level: Low
|
✅ Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓 |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
🔌 Smoke Services — All services reachable! ✅ |
|
✅ Build Test Suite completed successfully! |
|
✅ Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓 |
|
🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅ |
|
🚀 Security Guard has started processing this pull request |
|
✅ Smoke Gemini completed. All facets verified. 💎 Smoke test completed with partial failures |
|
✅ Contribution Check completed successfully! Contribution guidelines check complete for PR #5681: no important guideline issues found in the provided metadata, diff, and CONTRIBUTING.md context. |
|
Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded. |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
✅ Smoke Claude passed |
|
📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅ |
|
✅ Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓 |
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (1 files)
Coverage comparison generated by |
🔥 Smoke Test: Copilot PAT — PASS
Overall: PASS · Auth mode: PAT (COPILOT_GITHUB_TOKEN)
|
Smoke Test: Claude Engine Validation
Overall result: PASS
|
|
Smoke Test: Copilot BYOK (Direct Mode) ✅ PASS
Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY) → api-proxy sidecar → api.githubcopilot.com
|
🤖 Smoke Test Results — PASSPR: Stop keyword leakage in
Overall: PASS
|
Smoke Test: API Proxy OpenTelemetry Tracing — Results
Overall: ✅ All 5 scenarios pass. The OTEL tracing integration is fully functional.
|
Chroot Smoke Test Results
Overall: ❌ Not all tests passed — Python and Node.js versions differ between host and chroot environments.
|
|
Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)
|
|
Remove unused Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "registry.npmjs.org"See Network Configuration for more information.
|
Smoke Test: GitHub Actions Services Connectivity
Overall: ❌ FAIL
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS
|
Smoke Test Results: Gemini Engine
Overall status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
|
Smoke test results:
Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)
|
Export audit flagged
satisfiesandReadonlyArrayas public symbols fromsrc/api-proxy-env-constants.ts, indicating the module export shape was being misread. This polluted the API surface with TypeScript syntax artifacts instead of real runtime exports.Root cause
OIDC_AUTH_ENV_MAPPINGwas exported inline while usingsatisfies ReadonlyArray<...>, which caused audit tooling to attribute TS keywords as exported symbols.Change made
OIDC_AUTH_ENV_MAPPINGto a localconstwith the same type constraint.export { OIDC_AUTH_ENV_MAPPING };Result