Skip to content

[Test Coverage] branch coverage: log-parser, workdir-setup, network-setup, preflight#5923

Merged
lpcox merged 2 commits into
mainfrom
test/branch-coverage-improvements-1165faca16cdc99a
Jul 5, 2026
Merged

[Test Coverage] branch coverage: log-parser, workdir-setup, network-setup, preflight#5923
lpcox merged 2 commits into
mainfrom
test/branch-coverage-improvements-1165faca16cdc99a

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds 30 new unit tests targeting previously uncovered branches in four security-relevant source files.

Files covered

File Uncovered branches targeted
src/logs/log-parser.ts extractDomain non-numeric port suffix (CONNECT and Host header); parseAuditJsonlLine missing method/decision, non-numeric dest port, invalid ISO timestamp, ts-only format, no timestamp
src/workdir-setup.ts ensureDirectory/assertRealDirectory symlink and non-directory throws; createMissingOwnedDirectorySegments file-segment throw; prepareLogDirectories mcp-logs already-exists else branch; prepareChrootHomeMounts runnerToolCachePath outside home warn
src/commands/network-setup.ts non-Error thrown by parseDnsServers, detectUpstreamProxy, parseProxyUrl; no_proxy env var propagation
src/commands/preflight.ts non-Error in validateAllowedDomains; blockDomains option parsing; blockDomainsFile read failures (Error + non-Error); domain validation failure; deduplication

Test results

All 30 new tests pass. All existing tests (97) continue to pass.

Notes

  • No source changes; test-only PR
  • Uses jest.mock for all fs/process dependencies
  • Real filesystem used for symlink/non-directory tests in workdir-setup

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Test Coverage Improver · 395.9 AIC · ⊞ 5.3K ·

…p, preflight

Cover 30 previously uncovered branches across four source files:

- logs/log-parser.ts: extractDomain non-numeric port suffix in CONNECT
  and Host header; parseAuditJsonlLine missing method/decision fields,
  non-numeric dest port, invalid ISO timestamp with ts fallback, ts-only
  legacy format, and missing timestamp
- workdir-setup.ts: ensureDirectory and assertRealDirectory symlink and
  non-directory error paths; createMissingOwnedDirectorySegments file-
  segment error; prepareLogDirectories mcp-logs already-exists else
  branch; prepareChrootHomeMounts runnerToolCachePath outside home warn
- commands/network-setup.ts: non-Error thrown by parseDnsServers and
  detectUpstreamProxy/parseProxyUrl; no_proxy env var propagation
- commands/preflight.ts: non-Error in validateAllowedDomains; block-
  domains option and file parsing; non-Error in blockDomainsFile; domain
  validation failure; deduplication

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a new Jest test suite intended to improve branch coverage for several security-relevant modules (log parsing, workdir setup, network setup, and preflight option validation) without changing production code.

Changes:

  • Add targeted branch-coverage unit tests for parseLogLine / parseAuditJsonlLine edge cases.
  • Add workdir setup tests covering symlink/non-directory error paths and runner tool-cache “outside home” warning path.
  • Add network/preflight tests for non-Error thrown values, no_proxy propagation, and blocked-domain parsing/validation/deduping.
Show a summary per file
File Description
src/coverage-improvements.test.ts New consolidated test file covering previously-uncovered branches across log parsing, workdir setup, network setup, and preflight validation.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 1/1 changed files
  • Comments generated: 2
  • Review effort level: Low

Comment thread src/coverage-improvements.test.ts Outdated

// ─── workdir-setup.ts ─────────────────────────────────────────────────────────

// Use real fs (not the mock factory) since we need symlink/non-dir setup.
Comment thread src/coverage-improvements.test.ts Outdated

// ─── commands/network-setup.ts ────────────────────────────────────────────────

jest.mock('./commands/network-setup', () => jest.requireActual('./commands/network-setup'));
@lpcox

lpcox commented Jul 5, 2026

Copy link
Copy Markdown
Collaborator

@copilot address review feedback

@lpcox lpcox marked this pull request as ready for review July 5, 2026 13:16

Copilot AI commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

@copilot address review feedback

Done in the latest commit:

  • Fixed the misleading comment at line 206 — it now accurately states the fs mock factory is in use.
  • Removed the redundant jest.mock('./commands/network-setup', () => jest.requireActual(...)) line at line 428.

All 30 tests continue to pass.

Copilot finished work on behalf of lpcox July 5, 2026 13:16
Copilot AI requested a review from lpcox July 5, 2026 13:16
@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

✅ Copilot review passed with no inline comments.

@github-actions[bot] Add the ready-for-aw label to this PR to trigger agentic CI smoke tests.

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Gemini completed. All facets verified. 💎

Gemini smoke test completed. Status: FAIL. Results reported in PR #5923.

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Build Test Suite completed successfully!

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Contribution Check completed successfully!

PR #5923 follows the applicable CONTRIBUTING.md guidelines; no review comment needed.

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Claude passed

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Chroot tests failed Smoke Chroot failed - See logs for details.

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

🚀 Security Guard has started processing this pull request

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

🔌 Smoke Services — All services reachable! ✅

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

✅ Coverage Check Passed

Overall Coverage

Metric Base PR Delta
Lines 98.72% 98.81% 📈 +0.09%
Statements 98.64% 98.73% 📈 +0.09%
Functions 99.58% 99.58% ➡️ +0.00%
Branches 94.69% 95.10% 📈 +0.41%
📁 Per-file Coverage Changes (1 files)
File Lines (Before → After) Statements (Before → After)
src/workdir-setup.ts 93.2% → 97.5% (+4.23%) 93.2% → 97.5% (+4.23%)

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test: Copilot BYOK (Direct) Mode - PASS

  • ✅ GitHub MCP connectivity
  • ✅ GitHub.com connectivity
  • ✅ File write/read test
  • ✅ BYOK inference (agent → api-proxy → api.githubcopilot.com)

Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY) via api-proxy sidecar.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK report filed by Smoke Copilot BYOK
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test: Claude Engine Validation

Check Result
API Status ✅ PASS
GH Check ✅ PASS
File Status ✅ PASS

Overall Result: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Smoke Claude for #5923 · 35.5 AIC · ⊞ 3.3K ·
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test Results

Test Status
GitHub MCP connectivity
GitHub.com HTTP ✅ 200
File write/read

Overall: PASS

Author: @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

🔬 Smoke Test: Copilot PAT Auth

Test Status
GitHub MCP connectivity
GitHub.com HTTP
File write/read

Overall: PASS
Auth mode: PAT (COPILOT_GITHUB_TOKEN)
cc @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 PAT report filed by Smoke Copilot PAT
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Pre-fetched PR data: ${{ steps.smoke-data.outputs.SMOKE_PR_DATA }} ✅
GitHub.com connectivity: ✅
File I/O: ✅
Direct BYOK inference: ✅
Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)
Overall: PASS
@lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🪪 BYOK (AOAI Entra) report filed by Smoke Copilot BYOK AOAI (Entra)
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

@lpcox

Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)

  • MCP PR Data: ✅
  • GitHub.com connectivity: ✅
  • File write/read: ✅
  • BYOK inference: ✅

Status: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK (AOAI api-key) report filed by Smoke Copilot BYOK AOAI (api-key)
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test: Services Connectivity

  • Redis PING: ❌ Network is unreachable
  • PostgreSQL pg_isready: ❌ No response
  • PostgreSQL SELECT 1: ❌ Network is unreachable

Result: FAILhost.docker.internal (172.17.0.1) is unreachable from this runner. Service containers are not accessible.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔌 Service connectivity validated by Smoke Services
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Smoke test result: FAIL (Connectivity issues)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Reviewed merged PRs:\n- refactor(api-proxy): centralize auth-header construction in shared helpers\n- refactor: split postprocess-smoke-workflows.ts into focused modules\n\nChecks:\n- GitHub query: ✅\n- Playwright: ✅\n- File write: ✅\n- Build: ✅\n\nOverall: PASS

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

  • awmgmcpg
  • registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color 1/1 passed ✅ PASS
Go env 1/1 passed ✅ PASS
Go uuid 1/1 passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx All passed ✅ PASS
Node.js execa All passed ✅ PASS
Node.js p-limit All passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Build Test Suite for #5923 · 54.8 AIC · ⊞ 6.9K ·
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

📡 OTel Tracing Smoke Test Results

Scenario Status Detail
1. Module Loading otel.js loads successfully, isEnabled: true, exports 13 functions
2. Test Suite 59 tests passed, 0 failed (2 suites: otel.test.js, otel-fanout.test.js)
3. Env Var Forwarding ⚠️ Not in api-proxy-service.ts directly; OTEL vars forwarded via api-proxy-env-config.ts — expected during development
4. Token Tracker Integration onUsage callback present in token-tracker-http.js
5. OTEL Diagnostics i️ No span file found — api-proxy OTEL not active in this run (no live LLM calls made)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📡 OTel tracing validated by Smoke OTel Tracing
Add label ready-for-aw to run again

@lpcox lpcox merged commit cc58654 into main Jul 5, 2026
86 of 88 checks passed
@lpcox lpcox deleted the test/branch-coverage-improvements-1165faca16cdc99a branch July 5, 2026 14:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants