Extract shared positive-integer parsing for api-proxy guards

[Copilot]

Three api-proxy guard modules each carried the same env-var parsing logic for positive integers, creating avoidable duplication and a three-place maintenance surface. This change consolidates that behavior behind a single guard utility and updates the affected guards to consume it.

• Shared guard utility

  • Adds containers/api-proxy/guards/guard-utils.js with parsePositiveInteger(raw)
  • Centralizes the existing semantics: null for absent/blank/non-integer/<= 0, parsed integer otherwise

• Guard refactor

  • Replaces local parser copies in:
    • max-runs-guard.js
    • timeout-steering.js
    • effective-token-guard.js
  • Keeps each guard’s config caching and runtime behavior unchanged; only the parse source moves

• Focused coverage

  • Adds containers/api-proxy/guards/guard-utils.test.js
  • Covers accepted and rejected inputs for the shared parser so future parse changes land in one place

Example:

const { parsePositiveInteger } = require('./guard-utils');

const maxRuns = parsePositiveInteger(process.env.AWF_MAX_RUNS);
const timeoutMinutes = parsePositiveInteger(process.env.AWF_AGENT_TIMEOUT_MINUTES);
const maxEffectiveTokens = parsePositiveInteger(process.env.AWF_MAX_EFFECTIVE_TOKENS);

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	95.98%	96.05%	📈 +0.07%
Statements	95.81%	95.87%	📈 +0.06%
Functions	97.37%	98.02%	📈 +0.65%
Branches	89.42%	89.48%	📈 +0.06%

📁 Per-file Coverage Changes (4 files)

File	Lines (Before → After)	Statements (Before → After)
src/services/agent-volumes.ts	91.9% → 91.7% (-0.19%)	92.1% → 91.9% (-0.17%)
src/container-lifecycle.ts	93.9% → 94.0% (+0.04%)	94.2% → 94.3% (+0.04%)
src/container-cleanup.ts	90.1% → 90.2% (+0.11%)	90.2% → 90.3% (+0.11%)
src/config-writer.ts	83.0% → 85.6% (+2.54%)	83.0% → 85.6% (+2.54%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Copilot]

Pull request overview

This PR reduces duplication in the api-proxy guard layer by extracting the common “positive integer from env var” parsing logic into a shared guard utility, and refactoring existing guards to use it. It also adds focused unit coverage so any future parsing tweaks can be made (and validated) in one place.

Changes:

• Added parsePositiveInteger(raw) to a new shared guard utility module (guard-utils.js).
• Refactored max-runs-guard, timeout-steering, and effective-token-guard to use the shared parser instead of local copies.
• Added unit tests covering accepted/rejected inputs for the shared parser.

Show a summary per file

File	Description
containers/api-proxy/guards/guard-utils.js	Introduces shared positive-integer parsing helper for guard env/config values.
containers/api-proxy/guards/guard-utils.test.js	Adds unit coverage for the shared parser (with a minor test-name formatting nit).
containers/api-proxy/guards/max-runs-guard.js	Replaces inline max-runs parsing with the shared helper.
containers/api-proxy/guards/timeout-steering.js	Replaces inline timeout-minutes parsing with the shared helper.
containers/api-proxy/guards/effective-token-guard.js	Replaces inline max-effective-tokens parsing with the shared helper.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 5/5 changed files
• Comments generated: 1

[github-actions]

Smoke Test Results

✅ GitHub API: 2 PR entries confirmed
✅ GitHub check: playwright_check PASS
✅ File verify: smoke-test-claude-26262311779.txt exists

Result: PASS

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

🤖 Smoke Test Results

Test	Result
GitHub MCP connectivity	✅ PR data fetched successfully
GitHub.com HTTP	⚠️ Pre-step data unavailable (template not expanded)
File write/read	⚠️ Pre-step data unavailable (template not expanded)

PR: "Extract shared positive-integer parsing for api-proxy guards"
Author: @Copilot | Assignees: @lpcox, @Copilot

Overall: PARTIAL — MCP ✅, pre-step smoke data not injected into workflow

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

🔥 Smoke Test: Copilot BYOK (Offline) Mode

Test	Result
GitHub MCP — list PRs	✅ PR #3564 "Refactor Docker Compose teardown into a shared helper" returned
GitHub.com connectivity	⚠️ Pre-step template vars not expanded (${{ }} unexpanded)
File write/read	⚠️ Pre-step template vars not expanded
BYOK inference (api-proxy → api.githubcopilot.com)	✅ Responding via BYOK offline mode

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com

PR author: @Copilot · Assignees: @lpcox, @Copilot

Overall: PASS (core BYOK path confirmed ✅)

🔑 BYOK report filed by Smoke Copilot BYOK

[github-actions]

Smoke Test Codex: FAIL
PRs: Refactor Docker Compose teardown into a shared helper; Remove dead host-path helper re-exports from agent-volumes
GitHub PR review: ✅
Safeinputs GH CLI: ❌
Playwright title: ✅
Tavily search: ❌
File/bash/build: ✅
Discussion comment: ✅

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

[github-actions]

Smoke Test: API Proxy OpenTelemetry Tracing

Scenario	Result	Notes
1. Module Loading	✅	otel.js loads successfully; exports: startRequestSpan, setTokenAttributes, endSpan, endSpanError, shutdown, isEnabled + internal helpers
2. Test Suite	✅	32 tests passed, 0 failed (1 suite matched otel)
3. Env Var Forwarding	✅	api-proxy-service.ts forwards OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_HEADERS, OTEL_SERVICE_NAME, GITHUB_AW_OTEL_TRACE_ID, GITHUB_AW_OTEL_PARENT_SPAN_ID
4. Token Tracker Integration	✅	onUsage callback exists in token-tracker-http.js as the OTEL hook point
5. OTEL Diagnostics	✅	No export errors; graceful degradation confirmed (no endpoint configured = no spans exported, no errors)

All 5 scenarios passed. OTEL tracing integration is working correctly.

📡 OTel tracing validated by Smoke OTel Tracing

[github-actions]

Chroot Version Comparison

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌
Node.js	v24.15.0	v20.20.2	❌
Go	go1.22.12	go1.22.12	✅

Result: Not all tests passed. Python and Node.js versions differ between host and chroot environments.

Tested by Smoke Chroot

[github-actions]

Smoke Test Results

• GitHub MCP: ❌ (mcpscripts not found; found docs(spec): add port information to /reflect endpoint sections #3561 in log)
• Connectivity: ✅ (HTTP 200 via proxy)
• File Writing: ✅
• Bash Tool: ✅

Overall status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	1/1 passed	✅ PASS
Go	env	✅	1/1 passed	✅ PASS
Go	uuid	✅	1/1 passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	All passed	✅ PASS
Node.js	execa	✅	All passed	✅ PASS
Node.js	p-limit	✅	All passed	✅ PASS
Rust	fd	✅	0/0 (ok)	✅ PASS
Rust	zoxide	✅	0/0 (ok)	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #3565 · ● 7.5M · ◷

[github-actions]

Smoke Test Results — FAIL

Check	Result
Redis PING	❌ timeout (no response)
PostgreSQL pg_isready	❌ no response
PostgreSQL SELECT 1	❌ timeout (no response)

host.docker.internal is not reachable from this environment. All service connectivity checks failed.

🔌 Service connectivity validated by Smoke Services