Add host/sidecar parity guard for API proxy provider env constants#5837
Conversation
There was a problem hiding this comment.
Pull request overview
This PR reduces drift risk between host TypeScript and API-proxy sidecar CommonJS provider environment-variable constants by adding a Jest parity test that fails CI when the two constant sets diverge, and by updating file headers to point at that enforcement mechanism.
Changes:
- Added a Jest test to assert
OPENAI_ENV,ANTHROPIC_ENV,GEMINI_ENV, andCOPILOT_ENVmatch exactly between host TS and sidecar JS. - Updated header comments in both constants files to remove conflicting “source of truth” wording and reference the new parity test.
Show a summary per file
| File | Description |
|---|---|
| src/api-proxy-env-constants.ts | Updates header comment to clarify synchronization is enforced via parity test. |
| src/api-proxy-env-constants-sync.test.ts | Adds Jest test that asserts exact equality of provider env-constant objects across TS/JS. |
| containers/api-proxy/provider-env-constants.js | Updates header comment to align with parity-test enforcement approach. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 3/3 changed files
- Comments generated: 0
- Review effort level: Low
|
✅ Copilot review passed with no inline comments. @copilot Add the |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅ |
|
🔌 Smoke Services — All services reachable! ✅ |
|
✅ Build Test Suite completed successfully! |
|
✅ Smoke Claude passed |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
✅ Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓 |
|
✅ Smoke Gemini completed. All facets verified. 💎 Gemini Engine Validation complete. Status: FAIL. Connectivity failed (000). MCP tools missing. File creation and verification passed. |
|
Chroot tests failed Smoke Chroot failed - See logs for details. |
|
🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅ |
|
❌ Security Guard failed. Please review the logs for details. |
|
✅ Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓 |
|
✅ Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓 |
|
✅ Contribution Check completed successfully! PR follows the applicable CONTRIBUTING.md guidelines; no contribution-guidelines comment needed. |
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (1 files)
Coverage comparison generated by |
🔬 Smoke Test Results
Overall: PASS 🎉 Author: Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
Smoke Test: Copilot BYOK (Direct) Mode — PASS ✅
Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY) via api-proxy → api.githubcopilot.com Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Claude Engine Validation
Overall Result: PASS ✅ Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Services Connectivity
Overall: FAIL — Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
🔥 Smoke Test: Copilot PAT Auth
Overall: PASS | Auth mode: PAT (COPILOT_GITHUB_TOKEN) PR author: Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
Smoke test results:\n- Add host/sidecar parity guard for API proxy provider env constants: ✅\n- Deduplicate provider auth header construction across runtime, validation, and model fetch paths: ✅\n- GitHub PR query: ✅\n- Playwright title check: ✅\n- Smoke file write/read: ✅\n- Build: ✅\nOverall: PASS Warning Firewall blocked 2 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"
- "registry.npmjs.org"See Network Configuration for more information.
|
|
Smoke test result: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: API Proxy OpenTelemetry Tracing
All scenarios pass or are expected-pending. OTEL tracing integration is fully implemented and tested. Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra
Overall: PASS
Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Provider env-var names for API proxy adapters were maintained in parallel in TypeScript and CommonJS, creating a drift risk in credential forwarding and target routing. This change introduces an explicit parity guard so mismatches fail fast in CI rather than surfacing as runtime auth/routing regressions.
Parity enforcement across TS and sidecar JS
src/api-proxy-env-constants-sync.test.tsto assert exact equality ofOPENAI_ENV,ANTHROPIC_ENV,GEMINI_ENV, andCOPILOT_ENVbetween:src/api-proxy-env-constants.tscontainers/api-proxy/provider-env-constants.jsSource-of-truth wording cleanup