Skip to content

[Test Coverage] src/sbx-manager.ts#6127

Open
github-actions[bot] wants to merge 2 commits into
mainfrom
test-coverage-sbx-manager-a9d3063986efd828
Open

[Test Coverage] src/sbx-manager.ts#6127
github-actions[bot] wants to merge 2 commits into
mainfrom
test-coverage-sbx-manager-a9d3063986efd828

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

placeholder

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Test Coverage Improver · 59.2 AIC · ⊞ 5.3K ·

Add comprehensive unit tests for all uncovered paths in sbx-manager.ts:

- sanitizeEnvForSbx: secret pattern filtering, override merging
- SBX_DEFAULT_NAME: prefix and PID format validation
- createSandbox: default name/port, auth failure paths (null/non-zero exit),
  sbx create failure, degenerate success detection, mount deduplication,
  rw/ro/2-segment mount formats, system path dedup
- execInSandbox: exit codes (0/non-zero/null), timeout (124), unexpected
  error, workDir/tty/environment/timeoutMinutes options
- removeSandbox: stop non-zero, stop throws, rm null exit, success logging
- isSbxAvailable: true on success, false on throw

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lpcox lpcox marked this pull request as ready for review July 12, 2026 14:00
Copilot AI review requested due to automatic review settings July 12, 2026 14:00

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Expands unit coverage for the sbx sandbox lifecycle manager.

Changes:

  • Tests environment sanitization and default naming.
  • Covers sandbox creation, execution, cleanup, and availability branches.
  • Verifies mount, timeout, environment, and error handling.
Show a summary per file
File Description
src/sbx-manager.test.ts Adds comprehensive sbx manager tests.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 1/1 changed files
  • Comments generated: 4
  • Review effort level: Medium

Comment thread src/sbx-manager.test.ts Outdated
expect(result.PATH).toBe('/custom');
});

it('overrides cannot smuggle secret keys', () => {
Comment thread src/sbx-manager.test.ts Outdated
Comment on lines +134 to +136
expect(mockedLogger.info).toHaveBeenCalledWith(
expect.stringContaining('http://172.30.0.10:3128'),
);
Comment thread src/sbx-manager.test.ts Outdated
Comment on lines +146 to +148
expect(mockedLogger.info).toHaveBeenCalledWith(
expect.stringContaining('http://172.30.0.10:8080'),
);
Comment thread src/sbx-manager.test.ts Outdated
@lpcox

lpcox commented Jul 12, 2026

Copy link
Copy Markdown
Collaborator

@copilot Fix the code for all comments in this review thread.

When a review comment includes a suggested change, apply the suggestion exactly.

Do not make changes beyond what is described in the linked review thread.

Copilot AI commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

@copilot Fix the code for all comments in this review thread.

When a review comment includes a suggested change, app...

Fixed all four issues in cb802d5:

  1. Test name at line 70 — renamed to 'overrides take precedence even for secret-like key names' to accurately describe the behaviour.

  2. Implementation (sbx-manager.ts) — createSandbox now sets env.DOCKER_SANDBOXES_PROXY = proxyUrl instead of deleting it, so Squid proxy chaining is actually applied at sandbox creation time.

  3. Proxy tests (lines 134–136 and 146–148) — both tests now assert on the execa invocation (env.DOCKER_SANDBOXES_PROXY value) rather than log output, catching regressions where the port/URL is discarded.

  4. Test at line 124 — changed to expect(name).toBe(SBX_DEFAULT_NAME) so a regression that stops using the exported constant is detected.

The existing "uses shell agent" test at line 83 was also updated to expect DOCKER_SANDBOXES_PROXY to be present (and correct) since the implementation now sets it.

Copilot AI requested a review from lpcox July 12, 2026 14:11
Copilot finished work on behalf of lpcox July 12, 2026 14:11
@github-actions

Copy link
Copy Markdown
Contributor Author

✅ Copilot review passed with no inline comments.

@github-actions[bot] Add the ready-for-aw label to this PR to trigger agentic CI smoke tests.

@github-actions

Copy link
Copy Markdown
Contributor Author

✅ Coverage Check Passed

Overall Coverage

Metric Base PR Delta
Lines 98.30% 98.95% 📈 +0.65%
Statements 98.23% 98.90% 📈 +0.67%
Functions 99.07% 99.33% 📈 +0.26%
Branches 93.85% 95.11% 📈 +1.26%
📁 Per-file Coverage Changes (2 files)
File Lines (Before → After) Statements (Before → After)
src/log-directory-setup.ts 96.2% → 100.0% (+3.78%) 96.3% → 100.0% (+3.71%)
src/sbx-manager.ts 62.1% → 100.0% (+37.90%) 60.6% → 100.0% (+39.40%)

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Claude passed

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

🔌 Smoke Services — All services reachable! ✅

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

Build Test Suite completed successfully!

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Gemini completed. All facets verified. 💎

Checking connectivity

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

📰 DEVELOPING STORY: Smoke Docker Sbx reports failed. Our correspondents are investigating the incident...

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded.

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK AOAI (Entra) reports failed. AOAI BYOK (Entra) mode investigation needed...

@github-actions

Copy link
Copy Markdown
Contributor Author

🚀 Security Guard has started processing this pull request

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

Contribution Check completed successfully!

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions

Copy link
Copy Markdown
Contributor Author

🔬 Smoke Test Results

Test Status
GitHub MCP connectivity
GitHub.com HTTP ⚠️ pre-step data unavailable (template vars not expanded)
File write/read ⚠️ pre-step data unavailable (template vars not expanded)

Overall: PASS (MCP verified; pre-step outputs not injected into prompt)

Author: @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke Test Results: Copilot BYOK (Direct) Mode

✅ GitHub API connectivity (HTTP 200)
✅ File write/read test
✅ BYOK inference path (api-proxy → api.githubcopilot.com)

Status: PASS

Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY) via api-proxy sidecar.
@lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK report filed by Smoke Copilot BYOK
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke Test: Claude Engine Validation

Check Result
API Status ✅ PASS
GH Check ✅ PASS
File Status ✅ PASS

Overall Result: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Smoke Claude for #6127 · 55.1 AIC · ⊞ 3.3K ·
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke Test: Copilot PAT Auth

Test Result
GitHub MCP connectivity
GitHub.com HTTP ✅ (200)
File write/read ⚠️ (template vars not substituted)

Overall: PASS (core connectivity verified)
Author: @lpcox | Auth mode: PAT (COPILOT_GITHUB_TOKEN)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 PAT report filed by Smoke Copilot PAT
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

@lpcox

Smoke Test Results:

  • MCP connectivity: ✅
  • GitHub.com connectivity: ✅
  • File write/read: ✅
  • BYOK inference: ✅

Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)

Overall: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK (AOAI api-key) report filed by Smoke Copilot BYOK AOAI (api-key)
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Thanks for adding comprehensive unit coverage for src/sbx-manager.ts. Before merging, please replace the placeholder PR description with a clear summary of what changed and reference any related issue, or state that none exists, as required by CONTRIBUTING.md under Pull Request requirements. The tests and file organization otherwise align with the applicable contribution guidelines.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Contribution Check for #6127 · 3.88 AIC · ⊞ 19.3K ·
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke Test: Services Connectivity

  • Redis PING: ❌ (Network is unreachable)
  • PostgreSQL pg_isready: ❌ (no response)
  • PostgreSQL SELECT 1: ❌ (Network is unreachable)

Overall: FAILhost.docker.internal is not reachable from this environment.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔌 Service connectivity validated by Smoke Services
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke Test: API Proxy OpenTelemetry Tracing

Scenario Result Notes
Module Loading ✅ Pass otel.js loads; exports: startRequestSpan, setTokenAttributes, setBudgetAttributes, endSpan, endSpanError, shutdown, isEnabled, and internal helpers
Test Suite ✅ Pass 59 tests passed across otel.test.js and otel-fanout.test.js (2 suites)
Env Var Forwarding ✅ Pass api-proxy-env-config.ts forwards OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_HEADERS, GITHUB_AW_OTEL_TRACE_ID, GITHUB_AW_OTEL_PARENT_SPAN_ID, OTEL_SERVICE_NAME (defaults to awf-api-proxy)
Token Tracker Integration ✅ Pass onUsage callback exists in token-tracker-http.js as the OTEL hook point
OTEL Diagnostics ✅ Pass Graceful degradation confirmed; falls back to file-based spans at /var/log/api-proxy/otel.jsonl when no endpoint configured

All 5 scenarios passed.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📡 OTel tracing validated by Smoke OTel Tracing
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke test: PASS

Merged PRs reviewed:

  • feat: add gVisor smoke tests for Claude, Codex, and build workloads
  • chore: upgrade gh-aw to v0.82.8 pre-release and recompile workflows

Checks:

  • GitHub PR review: ✅
  • GitHub CLI PR query: ✅
  • GitHub discussion query: ✅
  • Playwright title check: ✅
  • File write/read: ✅
  • Build: ✅

Overall: PASS

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

  • awmgmcpg
  • registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Chroot Version Comparison

Runtime Host Version Chroot Version Match?
Python Python 3.12.13 Python 3.12.3 ❌ NO
Node.js v24.18.0 v22.23.1 ❌ NO
Go go1.22.12 go1.22.12 ✅ YES

Result: Not all tests passed — Python and Node.js versions differ between host and chroot environments.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Tested by Smoke Chroot
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color 1/1 passed ✅ PASS
Go env 1/1 passed ✅ PASS
Go uuid 1/1 passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx passed ✅ PASS
Node.js execa passed ✅ PASS
Node.js p-limit passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Build Test Suite for #6127 · 35.9 AIC · ⊞ 6.9K ·
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor Author

Smoke Test: Gemini Engine Validation

  1. GitHub MCP Testing: ❌ (Cannot reach API)
  2. GitHub.com Connectivity: ❌ (Connection failed)
  3. File Writing Testing: ✅ (PASS)
  4. Bash Tool Testing: ✅ (PASS)

Overall status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini
Add label ready-for-aw to run again

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants