[Test Coverage] container-lifecycle.ts retry/timeout/kill branches by github-actions[bot] · Pull Request #4809 · github/gh-aw-firewall

github-actions · 2026-06-12T09:47:57Z

Adds 14 focused Jest unit tests covering previously-uncovered branches in src/container-lifecycle.ts.

What's covered

`startContainers` retry failure paths

API proxy fails on both attempts — verifies the specific "awf-api-proxy failed to start on both attempts" error and that logContainerLogsToStderr is called twice
Squid fails on first attempt, retry also fails — verifies the code falls through to handleHealthcheckError (squid failure on retry logs but doesn't throw directly)
CLI proxy fails on first attempt (no retry) — verifies the specific "awf-cli-proxy could not connect" message and that compose-up is only called once
CLI proxy fails during the retry attempt — triggered when api-proxy caused the retry but cli-proxy is what fails second time
runComposeDown throws before retry — the cleanup failure is swallowed and the retry still proceeds

`runAgentCommand` timeout path

Container exceeds agentTimeoutMinutes — fake timers advance past the timeout; asserts exitCode = 124 and docker stop -t 10 called
Container exits before timeout — docker-wait resolves first; asserts the actual exit code is used and docker stop is NOT called

`runAgentCommand` externally-killed path

isAgentExternallyKilled() short-circuit — squid-log analysis is skipped, blockedDomains is empty
Fallback to 143 when docker-wait returns 0 — 0 || 143 === 143 branch

`fastKillAgentContainer`

Default 3-second stop timeout
Custom stop timeout value
Silent error handling (docker CLI unavailable)
Agent is marked as externally killed even when docker stop fails

Approach

container-startup-diagnostics and squid-log-reader are Jest-mocked so tests have full control over didContainerFailStartup / handleHealthcheckError return values without relying on internal message-parsing heuristics. Fake timers (jest.useFakeTimers) are used for the timeout tests.

Generated by Test Coverage Improver · ◷

Add 14 focused Jest unit tests targeting previously-uncovered paths: - startContainers retry failures (api-proxy fails both attempts → specific throw) - startContainers squid retry falls through to handleHealthcheckError - startContainers cli-proxy first-attempt failure (no retry, specific throw) - startContainers cli-proxy failure during retry attempt - startContainers graceful handling of runComposeDown failure before retry - runAgentCommand timeout path (agentTimeoutMinutes, exitCode 124, docker stop called) - runAgentCommand externally-killed short-circuit (isAgentExternallyKilled, skips squid analysis) - fastKillAgentContainer: default/custom stop timeout, silent error handling, marks agent killed All container-startup-diagnostics and squid-log-reader calls are mocked for deterministic, fast tests without Docker or filesystem dependencies. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

github-actions · 2026-06-12T15:53:03Z

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	96.52%	96.63%	📈 +0.11%
Statements	96.44%	96.54%	📈 +0.10%
Functions	98.78%	98.78%	➡️ +0.00%
Branches	91.12%	91.26%	📈 +0.14%

📁 Per-file Coverage Changes (2 files)

File	Lines (Before → After)	Statements (Before → After)
`src/config-writer.ts`	89.9% → 91.1% (+1.19%)	89.9% → 91.1% (+1.19%)
`src/container-lifecycle.ts`	96.6% → 100.0% (+3.41%)	96.8% → 100.0% (+3.23%)

Coverage comparison generated by scripts/ci/compare-coverage.ts

Copilot

Pull request overview

Adds a new Jest unit test suite to increase branch coverage for src/container-lifecycle.ts, focusing on retry behavior in startContainers, timeout/external-kill branches in runAgentCommand, and error-handling/timeout options in fastKillAgentContainer.

Changes:

Adds targeted tests for startContainers retry/no-retry failure paths (api-proxy, squid, cli-proxy) including cleanup-before-retry behavior.
Adds timeout and externally-killed branch tests for runAgentCommand.
Adds tests for fastKillAgentContainer default/custom stop timeouts and error swallowing.

Show a summary per file

File	Description
src/container-lifecycle-retry-timeout.test.ts	New unit tests covering previously-uncovered retry/timeout/external-kill branches in `container-lifecycle.ts`.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Files reviewed: 1/1 changed files
Comments generated: 1

github-actions · 2026-06-12T16:08:37Z

GitHub API: ✅ PASS
GitHub check: ✅ PASS
File verify: ✅ PASS

Total: PASS

💥 [THE END] — Illustrated by Smoke Claude

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

lpcox · 2026-06-12T19:19:37Z

@copilot fix this failing ci check https://github.com/github/gh-aw-firewall/actions/runs/27435207418/job/81095729513?pr=4809

… v0.79.6

Copilot · 2026-06-12T19:24:35Z

@copilot fix this failing ci check https://github.com/github/gh-aw-firewall/actions/runs/27435207418/job/81095729513?pr=4809

Fixed in 3d1e87a. Two test suites were asserting the v0.79.4 SHA (d059700c...) in lock files that the chore: upgrade all agentic workflows commit on main had already updated to v0.79.6 (5c2fe865...). Updated both scripts/ci/security-guard-workflow.test.ts and scripts/ci/test-coverage-improver-workflow.test.ts to match the current pin.

github-actions · 2026-06-12T19:40:39Z

🔥 Smoke Test Results — Auth mode: PAT (COPILOT_GITHUB_TOKEN)

Test	Result
GitHub MCP connectivity	✅
github.com HTTP connectivity (200)	✅
File write/read	✅

Overall: PASS

PR: [Test Coverage] container-lifecycle.ts retry/timeout/kill branches
Author: @github-actions · Reviewer: @lpcox

🔑 PAT report filed by Smoke Copilot PAT

github-actions · 2026-06-12T19:40:52Z

Smoke Test Results: Copilot BYOK (Direct) Mode ✅

Test Summary:

✅ GitHub MCP connectivity verified (retrieved PR metadata)
✅ Direct BYOK mode active (COPILOT_API_KEY → api-proxy → api.githubcopilot.com)
✅ Agent inference working (reading and responding to prompts)
✅ Placeholder credentials isolated in agent

Mode: Running in direct BYOK mode via api-proxy sidecar with real credentials held by proxy.

Status: PASS

🔑 BYOK report filed by Smoke Copilot BYOK

github-actions · 2026-06-12T19:41:17Z

🤖 Copilot Smoke Test Results

Test	Status
GitHub MCP connectivity	✅
GitHub.com HTTP (200)	✅
File write/read	✅

Overall: PASS

PR: [Test Coverage] container-lifecycle.ts retry/timeout/kill branches · Author: @github-actions[bot] · Reviewer: @lpcox

📰 BREAKING: Report filed by Smoke Copilot

github-actions · 2026-06-12T19:41:23Z

Smoke test results:

GitHub MCP connectivity: ✅
GitHub.com HTTP connectivity: ✅
Agent file I/O: ✅
Direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw): ✅
Overall: PASS

@Copilot

🔑 BYOK (AOAI api-key) report filed by Smoke Copilot BYOK AOAI (api-key)

github-actions · 2026-06-12T19:41:26Z

Smoke test results:

Merged PRs: chore: upgrade all agentic workflows
Merged PRs: test: regression tests for Copilot SDK model-missing AI credits bug
GitHub reads: ✅
SafeInputs GH CLI: ✅
Playwright: ✅
File write: ✅
Discussion comment: ✅
Build: ✅
Overall: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

github-actions · 2026-06-12T19:42:11Z

Chroot Version Comparison

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌
Node.js	v24.16.0	v22.22.3	❌
Go	go1.22.12	go1.22.12	✅

Result: ❌ Not all versions match — Python and Node.js differ between host and chroot environments.

Tested by Smoke Chroot

github-actions · 2026-06-12T19:42:49Z

@github-actions[bot]

GitHub MCP connectivity: ✅
GitHub.com connectivity: ✅
File write/read test: ✅
BYOK inference test: ✅
Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra
Overall: PASS

🪪 BYOK (AOAI Entra) report filed by Smoke Copilot BYOK AOAI (Entra)

github-actions · 2026-06-12T19:43:31Z

Smoke Test Results

Check	Result
Redis PING	❌ (no response / timeout)
PostgreSQL pg_isready	❌ `host.docker.internal:5432 - no response`
PostgreSQL SELECT 1	❌ (no response / timeout)

Overall: FAIL — host.docker.internal service containers are not reachable from this runner environment.

🔌 Service connectivity validated by Smoke Services

github-actions · 2026-06-12T19:59:48Z

Build Test Suite Results — 8 Ecosystems

All 18 projects completed across 8 ecosystems. All clones succeeded.

{
  "results": [
    {
      "ecosystem": "Bun",
      "project": "elysia",
      "clone_status": "ok",
      "build_status": "N/A",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    },
    {
      "ecosystem": "Bun",
      "project": "hono",
      "clone_status": "ok",
      "build_status": "N/A",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    },
    {
      "ecosystem": "C++",
      "project": "fmt",
      "clone_status": "ok",
      "build_status": "ok",
      "test_status": "N/A",
      "tests_passed": null,
      "tests_total": null,
      "error": null
    },
    {
      "ecosystem": "C++",
      "project": "json",
      "clone_status": "ok",
      "build_status": "ok",
      "test_status": "N/A",
      "tests_passed": null,
      "tests_total": null,
      "error": null
    },
    {
      "ecosystem": "Deno",
      "project": "oak",
      "clone_status": "ok",
      "build_status": "N/A",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    },
    {
      "ecosystem": "Deno",
      "project": "std",
      "clone_status": "ok",
      "build_status": "N/A",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    },
    {
      "ecosystem": ".NET",
      "project": "hello-world",
      "clone_status": "ok",
      "build_status": "ok",
      "test_status": "N/A",
      "tests_passed": null,
      "tests_total": null,
      "error": null
    },
    {
      "ecosystem": ".NET",
      "project": "json-parse",
      "clone_status": "ok",
      "build_status": "ok",
      "test_status": "N/A",
      "tests_passed": null,
      "tests_total": null,
      "error": null
    },
    {
      "ecosystem": "Go",
      "project": "color",
      "clone_status": "ok",
      "build_status": "N/A",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    },
    {
      "ecosystem": "Go",
      "project": "env",
      "clone_status": "ok",
      "build_status": "N/A",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    },
    {
      "ecosystem": "Go",
      "project": "uuid",
      "clone_status": "ok",
      "build_status": "N/A",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    },
    {
      "ecosystem": "Java",
      "project": "gson",
      "clone_status": "ok",
      "build_status": "ok",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    },
    {
      "ecosystem": "Java",
      "project": "caffeine",
      "clone_status": "ok",
      "build_status": "ok",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    },
    {
      "ecosystem": "Node.js",
      "project": "clsx",
      "clone_status": "ok",
      "build_status": "N/A",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    },
    {
      "ecosystem": "Node.js",
      "project": "execa",
      "clone_status": "ok",
      "build_status": "N/A",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    },
    {
      "ecosystem": "Node.js",
      "project": "p-limit",
      "clone_status": "ok",
      "build_status": "N/A",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    },
    {
      "ecosystem": "Rust",
      "project": "fd",
      "clone_status": "ok",
      "build_status": "ok",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    },
    {
      "ecosystem": "Rust",
      "project": "zoxide",
      "clone_status": "ok",
      "build_status": "ok",
      "test_status": "ok",
      "tests_passed": 1,
      "tests_total": 1,
      "error": null
    }
  ],
  "clone_failures": [],
  "all_clones_failed": false
}

Notes

Java: ~/.m2/ was root-owned (no write access); fixed by using -Dmaven.repo.local pointing to workspace directory
Bun v1.3.14 installed; Deno v2.8.3 installed during run
Node.js: tests use custom node test.js scripts with assert.strictEqual (1 assertion each)
C++ / .NET: build-only projects, no unit test framework
Rust: pre-compiled stubs (0.03s build), not the real fd/zoxide source

Generated by Build Test Suite for issue #4809 · ◷

lpcox marked this pull request as ready for review June 12, 2026 15:51

Copilot AI review requested due to automatic review settings June 12, 2026 15:51

Copilot started reviewing on behalf of lpcox June 12, 2026 15:52 View session

github-actions Bot temporarily deployed to aoai-model June 12, 2026 15:54 Inactive

Copilot AI reviewed Jun 12, 2026

View reviewed changes

Comment thread src/container-lifecycle-retry-timeout.test.ts