Skip to content

[Test Coverage] host-iptables-validation.ts#6113

Merged
lpcox merged 1 commit into
mainfrom
test-coverage/host-iptables-validation-1ac582998f5a9f9e
Jul 11, 2026
Merged

[Test Coverage] host-iptables-validation.ts#6113
lpcox merged 1 commit into
mainfrom
test-coverage/host-iptables-validation-1ac582998f5a9f9e

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

Summary

Adds direct unit tests for src/host-iptables-validation.ts, which previously had no dedicated test file. Coverage was only exercised indirectly through integration-style tests.

What's covered

getErrorStringProperty

All four branches of the compound ternary:

  • ✅ Object with the requested property as a string → returns the value
  • ✅ Object where the property exists but is not a string → returns `''"
  • ✅ Object where the property does not exist → returns `''"
  • null or non-object input → returns `''"

isMissingIptablesError

Supplemental cases (core cases live in host-iptables-chain-branches.test.ts):

  • ✅ Error with ENOENT in message → true
  • ✅ Error with not

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Test Coverage Improver · 75.4 AIC · ⊞ 5.3K ·

Cover all exported functions with direct unit tests:
- getErrorStringProperty: all four condition branches of the compound ternary
  (object with string property, non-string property, missing property, null/non-object input)
- isMissingIptablesError: supplemental cases for Error with ENOENT/not-found messages
- parseValidPortSpecs: undefined input, empty string, valid ports, port ranges,
  invalid entries (warn path), whitespace trimming, whitespace-only entries

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lpcox lpcox marked this pull request as ready for review July 11, 2026 12:39
Copilot AI review requested due to automatic review settings July 11, 2026 12:39

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds focused unit coverage for host iptables validation helpers.

Changes:

  • Tests error-property extraction and missing-iptables detection.
  • Tests port parsing, normalization, filtering, and warnings.
Show a summary per file
File Description
src/host-iptables-validation.test.ts Adds direct unit tests for validation helpers.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 1/1 changed files
  • Comments generated: 0
  • Review effort level: Medium

@github-actions

Copy link
Copy Markdown
Contributor Author

✅ Copilot review passed with no inline comments.

@github-actions[bot] Add the ready-for-aw label to this PR to trigger agentic CI smoke tests.

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Gemini completed. All facets verified. 💎

Verifying connectivity and file creation

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

🔌 Smoke Services — All services reachable! ✅

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓

@github-actions

Copy link
Copy Markdown
Contributor Author

🚀 Security Guard has started processing this pull request

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded.

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

Contribution Check completed successfully!

Contribution guidelines review for PR #6113 found no actionable deficiencies: tests are included, the file is correctly organized, and the description is sufficiently clear for this test-only change; no documentation update is required.

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

📰 VERDICT: Smoke Docker Sbx has concluded. All systems operational. This is a developing story. 🎤

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

No GitHub write was needed before the final summary; PR comment will be posted directly.

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Claude passed

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

Build Test Suite completed successfully!

@github-actions

Copy link
Copy Markdown
Contributor Author

✅ Coverage Check Passed

Overall Coverage

Metric Base PR Delta
Lines 99.08% 99.11% 📈 +0.03%
Statements 99.04% 99.08% 📈 +0.04%
Functions 99.46% 99.46% ➡️ +0.00%
Branches 95.78% 95.78% ➡️ +0.00%
📁 Per-file Coverage Changes (1 files)
File Lines (Before → After) Statements (Before → After)
src/log-directory-setup.ts 96.2% → 100.0% (+3.78%) 96.3% → 100.0% (+3.71%)

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-actions github-actions Bot mentioned this pull request Jul 11, 2026
@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke Test: Claude Engine Validation

Check Result
API Status ✅ PASS
GH Check ✅ PASS
File Status ✅ PASS

Overall Result: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Smoke Claude for #6113 · 55.3 AIC · ⊞ 3.3K ·
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke Test: Docker Sbx ✅ PASS

Test Result
GitHub MCP Connectivity
GitHub.com HTTP
File Write/Read

Overall: PASS@lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Docker Sbx
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

✅ Smoke Test: Copilot BYOK (Direct) Mode — PASS

Tests Verified:

  • ✅ GitHub MCP connectivity
  • ✅ HTTP github.com connectivity
  • ✅ File write/read test
  • ✅ BYOK inference path (agent → api-proxy sidecar → api.githubcopilot.com)

Mode: Direct BYOK via COPILOT_PROVIDER_API_KEY

Completed at 2026-07-11T18:34:38Z

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK report filed by Smoke Copilot BYOK
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

🔬 Smoke Test Results

Test Status
GitHub MCP Connectivity
GitHub.com HTTP ⚠️ pre-step data not injected
File Write/Read ⚠️ pre-step data not injected

Overall: PASS (MCP reachable; workflow template vars were not substituted)

Author: @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke Test: Copilot PAT Auth

Test Result
GitHub MCP connectivity
GitHub.com HTTP ⚠️ (template vars unexpanded)
File write/read ⚠️ (template vars unexpanded)

Overall: PASS (MCP confirmed reachable)
Auth mode: PAT (COPILOT_GITHUB_TOKEN)
Author: @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 PAT report filed by Smoke Copilot PAT
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

@lpcox

  • MCP connectivity (pre-fetched) ✅
  • GitHub.com HTTP connectivity ✅
  • File write/read ✅
  • BYOK inference ✅

Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) via Microsoft Entra
Overall: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🪪 BYOK (AOAI Entra) report filed by Smoke Copilot BYOK AOAI (Entra)
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke Test: Services Connectivity

  • Redis PING: ❌ Network unreachable
  • PostgreSQL pg_isready: ❌ No response
  • PostgreSQL SELECT 1: ❌ Network unreachable

Overall: FAILhost.docker.internal (172.17.0.1) is unreachable. Service containers may not be available in this workflow.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔌 Service connectivity validated by Smoke Services
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke Test (Direct BYOK mode via api-proxy → Azure OpenAI Foundry, o4-mini-aw)
Pre-fetched merged PR titles validated
• MCP connectivity: ✅
• GitHub.com connectivity: ✅
• File I/O test: ✅
• BYOK inference test: ✅
Overall: PASS
Cc: @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK (AOAI api-key) report filed by Smoke Copilot BYOK AOAI (api-key)
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke Test: API Proxy OpenTelemetry Tracing

Scenario Result Notes
1. Module Loading ✅ Pass otel.js exists and exports tracing functions; initializes NodeTracerProvider with BatchSpanProcessor
2. Test Suite ✅ Pass otel.test.js and otel-fanout.test.js exist with full unit test coverage using InMemorySpanExporter
3. Env Var Forwarding ✅ Pass src/services/api-proxy-env-config.ts forwards GH_AW_OTLP_ENDPOINTS, OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_HEADERS, GITHUB_AW_OTEL_TRACE_ID, GITHUB_AW_OTEL_PARENT_SPAN_ID to api-proxy container
4. Token Tracker Integration ✅ Pass onUsage callback present in token-tracker-http.js as the OTEL hook point
5. OTEL Diagnostics ✅ Pass Graceful degradation implemented: falls back to /var/log/api-proxy/otel.jsonl when no OTLP endpoint configured

All 5 scenarios pass. OTEL tracing integration is complete and well-tested.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📡 OTel tracing validated by Smoke OTel Tracing
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke Test Results

  • GitHub MCP Testing: ❌ (Tools not found)
  • GitHub.com Connectivity: ❌ (HTTP 000)
  • File Writing Testing: ✅
  • Bash Tool Testing: ✅

PR Titles found in log:

Overall status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Chroot Version Comparison

Runtime Host Version Chroot Version Match?
Python Python 3.12.13 Python 3.12.3 ❌ NO
Node.js v24.18.0 v22.23.1 ❌ NO
Go go1.22.12 go1.22.12 ✅ YES

⚠️ Not all tests passed — Python and Node.js versions differ between host and chroot.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Tested by Smoke Chroot
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color 1/1 passed ✅ PASS
Go env 1/1 passed ✅ PASS
Go uuid 1/1 passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx all passed ✅ PASS
Node.js execa all passed ✅ PASS
Node.js p-limit all passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Build Test Suite for #6113 · 68.8 AIC · ⊞ 6.9K ·
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Fix intermittent api-proxy token telemetry loss on fast shutdown (#6105)
test: add direct unit tests for host-iptables-validation.ts
GitHub reads: ❌ blocked
Playwright: ❌ unavailable
File write: ✅
Build: ✅
Overall: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex
Add label ready-for-aw to run again

@lpcox lpcox merged commit 0750545 into main Jul 11, 2026
99 of 100 checks passed
@lpcox lpcox deleted the test-coverage/host-iptables-validation-1ac582998f5a9f9e branch July 11, 2026 18:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants