Skip to content

[Refactoring] Split api-proxy-service.test.ts into focused test modules #3297

Closed
#3299
Closed
[Refactoring] Split api-proxy-service.test.ts into focused test modules#3297
#3299
Assignees
lpcoxcopilot-swe-agent
Labels
code-qualityrefactoring
@github-actions

Description

@github-actions
github-actions
bot
opened on May 17, 2026

Refactoring Opportunity

Summary

  • File: src/services/api-proxy-service.test.ts
  • Current size: 1,195 lines
  • Responsibilities identified: 6+ distinct concern areas

Evidence

The file contains a single top-level describe('API proxy sidecar', ...) block with 97 it() tests spanning several conceptually distinct feature areas:

Lines Concern
15–528 Core service configuration (existence, image selection, capabilities, healthcheck, resource limits)
246–393 Security: API key isolation — verifying keys are not leaked to agent even with envAll
410–529 Rate limiting and token-guard configuration
532–580 OIDC runtime env forwarding
581–1195 AWF_ANTHROPIC_* / AWF_GEMINI_* env var forwarding and model configuration

The file mixes service-lifecycle assertions with security-critical key-isolation tests and protocol-specific env forwarding, making it hard to navigate when debugging a specific sub-feature.

# Reproduce current state
wc -l src/services/api-proxy-service.test.ts   # 1195
grep -c '^\s*it(' src/services/api-proxy-service.test.ts  # 97
grep -n '^\s*describe(' src/services/api-proxy-service.test.ts
# 15: describe('API proxy sidecar', () => {
# 532:   describe('OIDC runtime env forwarding', ...)
# 581:   describe('AWF_ANTHROPIC_* env var forwarding', ...)

Proposed Split

src/services/api-proxy-service.test.ts (1,195 lines) could be split into:

  • src/services/api-proxy-service-config.test.ts — service configuration, image selection, healthcheck, resource limits, capabilities (~250 lines)
  • src/services/api-proxy-service-key-isolation.test.tssecurity-critical: API key non-leakage assertions for envAll and normal modes (~200 lines)
  • src/services/api-proxy-service-rate-limit.test.ts — rate limiting, token guard, max-runs, agent timeout (~150 lines)
  • src/services/api-proxy-service-env-forwarding.test.ts — OIDC, Anthropic, Gemini env var forwarding (~550 lines)

Shared mock setup (e.g. mockConfig, mockNetworkConfigWithProxy) could be extracted to a api-proxy-service.test-utils.ts helper, following the existing pattern in src/test-helpers/.

Affected Callers

No callers — test files are not imported. Jest discovery via glob pattern in jest.config.js will automatically pick up renamed files. No import updates needed.

Effort Estimate

Low — mechanical split of one file into four. Shared mocks need extraction to a helper, which is straightforward.

Security Note

The key-isolation tests (lines 246–393) verify that ANTHROPIC_API_KEY, OPENAI_API_KEY, and CODEX_API_KEY are not passed through to the agent container. These tests should be in their own clearly-named file so security reviewers can find them immediately.

Benefits

  • Security-critical key-isolation tests become immediately discoverable
  • Each test file maps to one feature area — easier to navigate during debugging
  • Smaller test modules reduce CI output noise on targeted test runs (e.g. --testPathPattern)
  • Consistent with existing split-by-concern pattern already applied to production code

Detected by Refactoring Scanner workflow. Run date: 2026-05-17

Generated by Refactoring Opportunity Scanner · ● 7.9M ·

  • expires on Jul 16, 2026, 3:20 PM UTC

Metadata

Metadata

Assignees

Labels

code-qualityrefactoring

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions