[Test Coverage] Add branch coverage for audit-enricher, log-and-limits, docker-host-staging#5152
Conversation
Cover previously uncovered branches: - audit-enricher-extra.test.ts: domain edge cases (dash/empty domain, regex metachar detection, invalid-regex catch), HTTP-only protocol matching, unknown-fallback path, transaction-end skip in computeRuleStats, and unknown-hit counting - validators/log-and-limits.test.ts: all validation error exit paths (logLevel, maxEffectiveTokens, maxAiCredits, multipliers, maxRuns, maxPermissionDenied, memoryLimit, agentImage) and success paths - agent-volumes/docker-host-staging.test.ts: shouldUseDockerHostStaging edge cases, stageHostFile directory/traversal rejection, and extractCommandBinaryName with empty/unsafe names Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (4 files)
Coverage comparison generated by |
There was a problem hiding this comment.
Pull request overview
This PR adds new Jest test suites to increase branch coverage for three existing modules (audit-enricher, log-and-limits validator, and docker-host-staging) that were previously below the branch-coverage threshold.
Changes:
- Add an additional
audit-enrichertest suite targeting previously uncovered rule-matching and stats branches. - Add a dedicated
validateLogAndLimitstest suite covering success and failure/exit branches. - Add a first test suite for
docker-host-stagingcovering staging behavior and command parsing helpers.
Show a summary per file
| File | Description |
|---|---|
| src/logs/audit-enricher-extra.test.ts | Adds branch-focused tests for rule matching (regex detection/invalid regex/protocol matching) and computeRuleStats “unknown”/skip paths. |
| src/commands/validators/log-and-limits.test.ts | Adds validator tests for log-level, token/credit/multiplier numeric validation, memory-limit handling, and agent-image/build-local validation. |
| src/services/agent-volumes/docker-host-staging.test.ts | Adds tests for /tmp-prefix staging decisions, staged file-copy/path-traversal rejection, and command binary name extraction. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 3/3 changed files
- Comments generated: 6
|
✅ Copilot review passed with no inline comments. @github-actions[bot] Add the |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
|
🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅ |
|
✅ Smoke Gemini completed. All facets verified. 💎 |
|
📡 Smoke OTel Tracing reports failed. OTel tracing regression detected. |
|
🔌 Smoke Services — Service connectivity failed |
|
Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded. |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
❌ Smoke Claude failed |
|
🚀 Security Guard has started processing this pull request |
|
✅ Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓 |
|
✅ Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓 |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
❌ Contribution Check failed. Please review the logs for details. |
|
✅ Build Test Suite completed successfully! |
|
✅ Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓 |
🔍 Smoke Test Results — Auth mode: PAT (COPILOT_GITHUB_TOKEN)
Overall: FAIL — file test could not be verified (workflow outputs
|
🔥 Smoke Test ResultsPR: [Test Coverage] Add branch coverage for audit-enricher, log-and-limits, docker-host-staging
Overall: PASS
|
|
✅ feat(api-proxy): forward COPILOT_INTEGRATION_ID from host env Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "registry.npmjs.org"See Network Configuration for more information.
|
|
Smoke Test Results: Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra Overall: PASS
|
Smoke Test Results: Gemini
Overall status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
|
|
Chroot Version Comparison Results
Overall: FAILED — Python and Node.js versions differ between host and chroot environments.
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS
|
|
Smoke Test: Copilot BYOK (Direct) Mode ✅ PASS Test Results:
Status: Running in direct BYOK mode with COPILOT_PROVIDER_API_KEY forwarded to api-proxy sidecar. Agent receives placeholder credential. Inference path operational. /cc
|
Improves test coverage for three modules that were below the 80% branch threshold.
Changes
src/logs/audit-enricher-extra.test.ts(new)Extends coverage of
audit-enricher.tswith previously uncovered branches:domainMatchesRule: dash (-) and empty domain early-return guardsisRegexRuledetection via metacharacters in domain patterns (non-regexaclName)protocol: 'http'withisHttps: false)falsefromprotocolMatchesunknownfallback path inenrichWithPolicyRules(no rule matches)allrules → skippedcomputeRuleStats:url === 'error:transaction-end-before-headers'skipcomputeRuleStats:unknownHits > 0appends theunknownsummary rowsrc/commands/validators/log-and-limits.test.ts(new)First tests for
validateLogAndLimits, covering all 13 previously uncovered branches:infoMessagelogging)process.exit(1)error paths: invalidlogLevel, non-integer/non-positivemaxEffectiveTokens,maxAiCredits,effectiveTokenDefaultModelMultiplier,maxModelMultiplierCap,maxRuns,maxPermissionDenied, malformedmaxModelMultiplier, invalidmemoryLimit, and missing--build-localfor custom imagesrc/services/agent-volumes/docker-host-staging.test.ts(new)First tests for
docker-host-staging.ts, covering all 8 previously uncovered branches:shouldUseDockerHostStaging:undefined, empty, whitespace, exact/tmp, trailing slash,subdirectory, paths outside
/tmp, baretmpwithout leading slashgetDockerHostStageRoot: workDir vs prefix-based root selectionstageHostFile: non-existent source, directory source (not a file), successful copy,path-traversal (
../../etc/passwd) rejection, empty relative path rejection,nested directory creation, custom file mode
extractCommandBinaryName: simple command, path prefix, empty string, whitespace, unsafebasename characters, dots/hyphens allowed, no-argument command
Coverage impact
src/logs/audit-enricher.tssrc/commands/validators/log-and-limits.tssrc/services/agent-volumes/docker-host-staging.tsAll 69 new tests pass. Existing tests are unmodified.