refactor(api-proxy): deduplicate guard enforcement between HTTP and WebSocket paths, fix 3 missing WebSocket guards by Copilot · Pull Request #4950 · github/gh-aw-firewall

Copilot · 2026-06-14T17:00:34Z

The WebSocket upgrade path had 4 security guards copy-pasted as inline if-blocks (~56 lines) while the HTTP path used a cleaner data-driven loop — and was silently enforcing 3 additional guards (model_multiplier_cap_exceeded, retired_model, unknown_model_ai_credits) that WebSocket connections completely bypassed.

Changes

New: `guards/common-guard-checks.js`

buildCommonGuardChecks(deps, model) — a factory returning the canonical array of 7 guard descriptors shared by both proxy paths. Model-specific guards are included only when model is non-null (WebSocket upgrades have no JSON body, so they pass null and skip those three).

`websocket-proxy.js`

Replaced the 4 duplicate inline if-blocks (lines 68–123) with enforceWebSocketGuards(), a lightweight enforcer that writes raw HTTP error responses to a socket by iterating buildCommonGuardChecks().
Constructor now accepts the 3 previously-missing guard deps: getModelMultiplierCapBlockState, getRetiredModelBlockState, checkUnknownModelRejection.

`proxy-request.js`

enforceGuards() replaced ~87 lines of inline guard array with a single buildCommonGuardChecks() call.
createProxyWebSocket() call extended to pass the 3 new deps.

// Before — websocket-proxy.js had 4 duplicated blocks like:
const etBlock = getEffectiveTokenBlockState();
if (etBlock && etBlock.maxExceeded) {
  socket.write('HTTP/1.1 429 Too Many Requests\r\n...');
  socket.write(JSON.stringify(buildEffectiveTokenLimitError(etBlock)));
  socket.destroy();
  return;
}
// ...repeated verbatim for mrBlock, pdBlock, aiCreditsBlock

// After — both paths share one descriptor list:
if (enforceWebSocketGuards({ socket, logRequest, requestId, provider }, guardDeps)) return;

`server.websocket.test.js`

New proxyWebSocket security guards describe block with 5 tests covering each common guard on the WebSocket path and a passing-case assertion.

Extract guard descriptors into a shared `guards/common-guard-checks.js` factory (`buildCommonGuardChecks`) so that every security guard is enforced consistently on both the HTTP and WebSocket upgrade paths. Changes: - New `guards/common-guard-checks.js`: returns the array of guard descriptors (effective-tokens, max-runs, permission-denied, ai-credits, model-multiplier-cap, retired-model, unknown-model-ai-credits) shared by both proxy paths. - `proxy-request.js` `enforceGuards()`: replaced ~87 lines of inline guard array with a single call to `buildCommonGuardChecks()`. - `websocket-proxy.js`: replaced 4 duplicate inline if-blocks (lines 68-123) with a new `enforceWebSocketGuards()` that loops over the shared descriptor list. Also accepts the 3 previously-missing guard deps (`getModelMultiplierCapBlockState`, `getRetiredModelBlockState`, `checkUnknownModelRejection`) so they are now enforced on WebSocket connections too. - `proxy-request.js` `createProxyWebSocket` call: passes the 3 new guard deps to the WebSocket factory. - `server.websocket.test.js`: new 'security guards' describe block with 5 tests covering all 4 common guards on the WebSocket path plus a passing-case test. Closes #4789

github-actions · 2026-06-14T17:22:15Z

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	96.60%	96.64%	📈 +0.04%
Statements	96.47%	96.51%	📈 +0.04%
Functions	98.80%	98.80%	➡️ +0.00%
Branches	91.18%	91.21%	📈 +0.03%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
`src/workdir-setup.ts`	92.6% → 94.4% (+1.85%)	92.6% → 94.4% (+1.85%)

Coverage comparison generated by scripts/ci/compare-coverage.ts

Copilot

Pull request overview

This PR refactors the api-proxy’s security-guard enforcement so the HTTP request path and the WebSocket upgrade path share a single canonical list of guard descriptors, reducing duplication and helping keep enforcement consistent between the two proxy entry points.

Changes:

Added a shared buildCommonGuardChecks(deps, model) factory to define the canonical set/order of common guard checks.
Refactored both the HTTP guard loop (enforceGuards in proxy-request.js) and the WebSocket upgrade guard enforcement (enforceWebSocketGuards in websocket-proxy.js) to iterate the shared descriptor list.
Added WebSocket-focused guard tests to ensure guard enforcement is exercised on the upgrade path.

Show a summary per file

File	Description
containers/api-proxy/websocket-proxy.js	Replaces duplicated inline WebSocket guard `if` blocks with a shared, data-driven guard loop.
containers/api-proxy/proxy-request.js	Replaces the inline HTTP guard descriptor array with `buildCommonGuardChecks(...)` and wires new deps into `createProxyWebSocket`.
containers/api-proxy/guards/common-guard-checks.js	Introduces the shared guard-descriptor factory used by both HTTP and WebSocket paths.
containers/api-proxy/server.websocket.test.js	Adds tests validating that guard enforcement runs on the WebSocket upgrade path.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Files reviewed: 4/4 changed files
Comments generated: 2

+ * Model-specific guards (model_multiplier_cap, retired_model,
+ * unknown_model_ai_credits) are only included when `model` is non-null.  For
+ * WebSocket upgrade requests there is no JSON request body, so callers should
+ * pass null and the model guards are skipped.


+// These tests verify that all common security guards are enforced on the
+// WebSocket upgrade path using the shared buildCommonGuardChecks factory.
+// Guards are triggered by directly calling their apply functions (same
+// technique used in guards/*.test.js unit tests).
+


github-actions · 2026-06-14T19:16:30Z

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	ok	✅ PASS
Go	env	✅	ok	✅ PASS
Go	uuid	✅	ok	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	all passed	✅ PASS
Node.js	execa	✅	all passed	✅ PASS
Node.js	p-limit	✅	all passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #4950 · ◷

github-actions · 2026-06-14T19:20:38Z

🔬 Smoke Test: Copilot PAT Auth — PASS

Test	Result
GitHub MCP connectivity	✅
GitHub.com HTTP	✅ 200
File write/read	✅

Auth mode: PAT (COPILOT_GITHUB_TOKEN)

PR: refactor(api-proxy): deduplicate guard enforcement between HTTP and WebSocket paths, fix 3 missing WebSocket guards
Author: @Copilot · Assignees: @lpcox @Copilot

🔑 PAT report filed by Smoke Copilot PAT

github-actions · 2026-06-14T19:21:15Z

🔍 Smoke Test Results — PASS

Test	Status
GitHub MCP connectivity	✅
GitHub.com HTTP	✅ 200
File write/read	✅

PR: refactor(api-proxy): deduplicate guard enforcement between HTTP and WebSocket paths, fix 3 missing WebSocket guards
Author: @Copilot | Assignees: @lpcox @Copilot

Overall: PASS ✅

📰 BREAKING: Report filed by Smoke Copilot

github-actions · 2026-06-14T19:21:19Z

Smoke Test: Copilot BYOK Direct Mode ✅ PASS

✅ GitHub MCP connectivity
✅ GitHub.com connectivity (HTTP 200)
✅ File write/read
✅ BYOK inference path (api-proxy → api.githubcopilot.com)

Running in direct BYOK mode via COPILOT_PROVIDER_API_KEY (agent → api-proxy sidecar → api.githubcopilot.com).

cc @lpcox @Copilot

🔑 BYOK report filed by Smoke Copilot BYOK

github-actions · 2026-06-14T19:21:39Z

🔭 Smoke Test: API Proxy OpenTelemetry Tracing

Scenario	Result	Notes
1. Module Loading	✅	`otel.js` loads cleanly; exports: `startRequestSpan`, `setTokenAttributes`, `setBudgetAttributes`, `endSpan`, `endSpanError`, `shutdown`, `isEnabled`. Always-on: falls back to `/var/log/api-proxy/otel.jsonl` when no OTLP endpoint is configured.
2. Test Suite	✅	59 tests passed, 0 failed across 2 suites (`otel.test.js`, `otel-fanout.test.js`).
3. Env Var Forwarding	✅	`src/services/api-proxy-service-config.ts` forwards `GH_AW_OTLP_ENDPOINTS`, `OTEL_EXPORTER_OTLP_ENDPOINT`, `OTEL_EXPORTER_OTLP_HEADERS`, `GITHUB_AW_OTEL_TRACE_ID`, `GITHUB_AW_OTEL_PARENT_SPAN_ID`, and `OTEL_SERVICE_NAME` to the api-proxy container.
4. Token Tracker Integration	✅	`token-tracker-http.js` line 256: `onUsage` callback confirmed as the OTEL hook point for `gen_ai.usage.*` attribute injection.
5. OTEL Diagnostics	✅ (expected)	No live containers ran in this smoke test; file-fallback exporter active by default. No unexpected errors.

All scenarios pass. OTEL tracing integration is functional.

📡 OTel tracing validated by Smoke OTel Tracing

github-actions · 2026-06-14T19:22:30Z

Chroot Version Comparison Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌ No
Node.js	v24.16.0	v22.22.3	❌ No
Go	go1.22.12	go1.22.12	✅ Yes

Overall: ❌ Not all tests passed — Python and Node.js versions differ between host and chroot environments.

Tested by Smoke Chroot

github-actions · 2026-06-14T19:22:43Z

Refactor OpenAI BYOK base URL parsing to reuse shared proxy URL normalization ✅
refactor(api-proxy): split proxy-request.js into http-client.js and body-handler.js ✅
Overall: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

github-actions · 2026-06-14T19:23:04Z

Smoke Test Results

GitHub MCP Testing: ✅ PASS (PRs: Optimize security-guard token usage with pre-run relevance gating, lower turn cap, and leaner prompt context #2113, Optimize security-guard Claude token usage via prompt cache alignment and smaller diff payloads #2085)
GitHub.com Connectivity: ❌ FAIL (Status 000, Exit 35)
File Writing Testing: ✅ PASS
Bash Tool Testing: ✅ PASS

Overall Status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini

github-actions · 2026-06-14T19:23:27Z

Smoke Test: GitHub Actions Services Connectivity

Check	Result
Redis PING	❌ No response (timeout)
PostgreSQL pg_isready	❌ No response
PostgreSQL SELECT 1	❌ No response

host.docker.internal resolves to 172.17.0.1 but neither port 6379 (Redis) nor 5432 (PostgreSQL) is reachable. Service containers do not appear to be running in this workflow environment.

Overall: ❌ FAIL

🔌 Service connectivity validated by Smoke Services

github-actions · 2026-06-14T19:25:12Z

@lpcox smoke test results:

GitHub MCP Testing: ✅
GitHub.com Connectivity: ✅
File Write/Read Test: ✅
BYOK Inference Test: ✅
Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra
Overall: PASS

🪪 BYOK (AOAI Entra) report filed by Smoke Copilot BYOK AOAI (Entra)

Initial plan

1520e0a

Copilot AI assigned Copilot and lpcox Jun 14, 2026

Copilot started work on behalf of lpcox June 14, 2026 17:10 View session

Copilot AI changed the title ~~[WIP] Refactor security guard checks in WebSocket path~~ refactor(api-proxy): deduplicate guard enforcement between HTTP and WebSocket paths, fix 3 missing WebSocket guards Jun 14, 2026

Copilot finished work on behalf of lpcox June 14, 2026 17:19

Copilot AI requested a review from lpcox June 14, 2026 17:19

lpcox marked this pull request as ready for review June 14, 2026 17:20

Copilot AI review requested due to automatic review settings June 14, 2026 17:20

Copilot started reviewing on behalf of lpcox June 14, 2026 17:21 View session

Copilot AI temporarily deployed to aoai-model June 14, 2026 17:23 Inactive

Copilot AI reviewed Jun 14, 2026

View reviewed changes