refactor(api-proxy): export function for tests and improve docs

Claude · lpcox · Claude · commit 43f446fb3306 · 2026-02-27T01:08:03.000Z
- Export deriveCopilotApiTarget for testing (remove duplicate)
- Update COPILOT_API_TARGET docs to show both flag and env sources
- Use wildcard domain patterns in GHEC examples
- Add domain matching explanation

Co-authored-by: lpcox &lt;15877973+lpcox@users.noreply.github.com&gt;
diff --git a/containers/api-proxy/server.js b/containers/api-proxy/server.js
@@ -395,6 +395,13 @@ function handleManagementEndpoint(req, res) {
   return false;
 }
 
+// Export for testing
+module.exports = {
+  deriveCopilotApiTarget,
+};
+
+// Only start servers if this file is run directly (not required for tests)
+if (require.main === module) {
 // Health port is always 10000 — this is what Docker healthcheck hits
 const HEALTH_PORT = 10000;
 
@@ -514,3 +521,5 @@ process.on('SIGINT', () => {
   logRequest('info', 'shutdown', { message: 'Received SIGINT, shutting down gracefully' });
   process.exit(0);
 });
+
+} // End of if (require.main === module)
diff --git a/containers/api-proxy/server.test.js b/containers/api-proxy/server.test.js
@@ -2,6 +2,8 @@
  * Tests for API Proxy Server functions
  */
 
+const { deriveCopilotApiTarget } = require('./server');
+
 describe('deriveCopilotApiTarget', () => {
   let originalEnv;
 
@@ -15,166 +17,79 @@ describe('deriveCopilotApiTarget', () => {
     process.env = originalEnv;
   });
 
-  // Helper function to reload the module and get the derived target
-  function getDerivedTarget(env = {}) {
-    // Set environment variables
-    Object.keys(env).forEach(key => {
-      process.env[key] = env[key];
-    });
-
-    // Clear module cache to force re-evaluation
-    delete require.cache[require.resolve('./server.js')];
-
-    // Mock the required modules that have side effects
-    jest.mock('http', () => ({
-      createServer: jest.fn(() => ({
-        listen: jest.fn(),
-      })),
-    }));
-
-    jest.mock('https', () => ({
-      request: jest.fn(),
-    }));
-
-    jest.mock('./logging', () => ({
-      generateRequestId: jest.fn(() => 'test-id'),
-      sanitizeForLog: jest.fn(x => x),
-      logRequest: jest.fn(),
-    }));
-
-    jest.mock('./metrics', () => ({
-      increment: jest.fn(),
-      gaugeInc: jest.fn(),
-      gaugeDec: jest.fn(),
-      observe: jest.fn(),
-      statusClass: jest.fn(() => '2xx'),
-      getSummary: jest.fn(() => ({})),
-      getMetrics: jest.fn(() => ({})),
-    }));
-
-    jest.mock('./rate-limiter', () => ({
-      create: jest.fn(() => ({
-        check: jest.fn(() => ({ allowed: true })),
-        getAllStatus: jest.fn(() => ({})),
-      })),
-    }));
-
-    // We can't easily extract the function since it's not exported,
-    // but we can test via the startup logs which log COPILOT_API_TARGET
-    // For now, let's create a standalone version to test
-    return deriveCopilotApiTargetStandalone(env);
-  }
-
-  // Standalone version of the function for testing
-  function deriveCopilotApiTargetStandalone(env) {
-    const COPILOT_API_TARGET = env.COPILOT_API_TARGET;
-    const GITHUB_SERVER_URL = env.GITHUB_SERVER_URL;
-
-    if (COPILOT_API_TARGET) {
-      return COPILOT_API_TARGET;
-    }
-
-    if (GITHUB_SERVER_URL) {
-      try {
-        const hostname = new URL(GITHUB_SERVER_URL).hostname;
-        if (hostname !== 'github.com') {
-          // For GitHub Enterprise Cloud with data residency (*.ghe.com),
-          // derive the API endpoint as api.SUBDOMAIN.ghe.com
-          if (hostname.endsWith('.ghe.com')) {
-            const subdomain = hostname.replace('.ghe.com', '');
-            return `api.${subdomain}.ghe.com`;
-          }
-          // For other enterprise hosts (GHES), use the generic enterprise endpoint
-          return 'api.enterprise.githubcopilot.com';
-        }
-      } catch {
-        // Invalid URL — fall through to default
-      }
-    }
-    return 'api.githubcopilot.com';
-  }
-
   test('should return default api.githubcopilot.com when no env vars set', () => {
-    const target = getDerivedTarget({});
+    delete process.env.COPILOT_API_TARGET;
+    delete process.env.GITHUB_SERVER_URL;
+
+    const target = deriveCopilotApiTarget();
     expect(target).toBe('api.githubcopilot.com');
   });
 
   test('should use COPILOT_API_TARGET when explicitly set', () => {
-    const target = getDerivedTarget({
-      COPILOT_API_TARGET: 'custom.api.example.com',
-    });
+    process.env.COPILOT_API_TARGET = 'custom.api.example.com';
+    const target = deriveCopilotApiTarget();
     expect(target).toBe('custom.api.example.com');
   });
 
   test('should prioritize COPILOT_API_TARGET over GITHUB_SERVER_URL', () => {
-    const target = getDerivedTarget({
-      COPILOT_API_TARGET: 'custom.api.example.com',
-      GITHUB_SERVER_URL: 'https://mycompany.ghe.com',
-    });
+    process.env.COPILOT_API_TARGET = 'custom.api.example.com';
+    process.env.GITHUB_SERVER_URL = 'https://mycompany.ghe.com';
+    const target = deriveCopilotApiTarget();
     expect(target).toBe('custom.api.example.com');
   });
 
   test('should return api.githubcopilot.com for github.com', () => {
-    const target = getDerivedTarget({
-      GITHUB_SERVER_URL: 'https://github.com',
-    });
+    process.env.GITHUB_SERVER_URL = 'https://github.com';
+    const target = deriveCopilotApiTarget();
     expect(target).toBe('api.githubcopilot.com');
   });
 
   test('should derive api.SUBDOMAIN.ghe.com for *.ghe.com domains', () => {
-    const target = getDerivedTarget({
-      GITHUB_SERVER_URL: 'https://mycompany.ghe.com',
-    });
+    process.env.GITHUB_SERVER_URL = 'https://mycompany.ghe.com';
+    const target = deriveCopilotApiTarget();
     expect(target).toBe('api.mycompany.ghe.com');
   });
 
   test('should derive api.SUBDOMAIN.ghe.com for different *.ghe.com subdomain', () => {
-    const target = getDerivedTarget({
-      GITHUB_SERVER_URL: 'https://acme-corp.ghe.com',
-    });
+    process.env.GITHUB_SERVER_URL = 'https://acme-corp.ghe.com';
+    const target = deriveCopilotApiTarget();
     expect(target).toBe('api.acme-corp.ghe.com');
   });
 
   test('should use api.enterprise.githubcopilot.com for GHES (non-.ghe.com enterprise)', () => {
-    const target = getDerivedTarget({
-      GITHUB_SERVER_URL: 'https://github.enterprise.com',
-    });
+    process.env.GITHUB_SERVER_URL = 'https://github.enterprise.com';
+    const target = deriveCopilotApiTarget();
     expect(target).toBe('api.enterprise.githubcopilot.com');
   });
 
   test('should use api.enterprise.githubcopilot.com for custom GHES domain', () => {
-    const target = getDerivedTarget({
-      GITHUB_SERVER_URL: 'https://git.mycompany.com',
-    });
+    process.env.GITHUB_SERVER_URL = 'https://git.mycompany.com';
+    const target = deriveCopilotApiTarget();
     expect(target).toBe('api.enterprise.githubcopilot.com');
   });
 
   test('should handle GITHUB_SERVER_URL without protocol gracefully', () => {
-    const target = getDerivedTarget({
-      GITHUB_SERVER_URL: 'mycompany.ghe.com',
-    });
+    process.env.GITHUB_SERVER_URL = 'mycompany.ghe.com';
+    const target = deriveCopilotApiTarget();
     // Invalid URL, should fall back to default
     expect(target).toBe('api.githubcopilot.com');
   });
 
   test('should handle invalid GITHUB_SERVER_URL gracefully', () => {
-    const target = getDerivedTarget({
-      GITHUB_SERVER_URL: 'not-a-valid-url',
-    });
+    process.env.GITHUB_SERVER_URL = 'not-a-valid-url';
+    const target = deriveCopilotApiTarget();
     expect(target).toBe('api.githubcopilot.com');
   });
 
   test('should handle GITHUB_SERVER_URL with port', () => {
-    const target = getDerivedTarget({
-      GITHUB_SERVER_URL: 'https://mycompany.ghe.com:443',
-    });
+    process.env.GITHUB_SERVER_URL = 'https://mycompany.ghe.com:443';
+    const target = deriveCopilotApiTarget();
     expect(target).toBe('api.mycompany.ghe.com');
   });
 
   test('should handle GITHUB_SERVER_URL with path', () => {
-    const target = getDerivedTarget({
-      GITHUB_SERVER_URL: 'https://mycompany.ghe.com/some/path',
-    });
+    process.env.GITHUB_SERVER_URL = 'https://mycompany.ghe.com/some/path';
+    const target = deriveCopilotApiTarget();
     expect(target).toBe('api.mycompany.ghe.com');
   });
 });
diff --git a/docs/api-proxy-sidecar.md b/docs/api-proxy-sidecar.md
@@ -110,7 +110,7 @@ export COPILOT_GITHUB_TOKEN="your-token"
 export GITHUB_SERVER_URL="https://mycompany.ghe.com"
 
 sudo -E awf --enable-api-proxy \
-  --allow-domains api.mycompany.ghe.com,mycompany.ghe.com \
+  --allow-domains '*.mycompany.ghe.com' \
   -- npx @github/copilot --prompt "your prompt"
 ```
 
@@ -120,6 +120,10 @@ sudo -E awf --enable-api-proxy \
 - Example: `mycompany.ghe.com` → `api.mycompany.ghe.com`
 - For other enterprise hosts (GHES), it routes to `api.enterprise.githubcopilot.com`
 
+**Domain matching:**
+- `*.mycompany.ghe.com` matches all subdomains (e.g., `api.mycompany.ghe.com`, `github.mycompany.ghe.com`)
+- Add additional domains only if your workflow needs to access other services (e.g., `mycompany.ghe.com` for the base domain)
+
 **Important:** Use `sudo -E` to preserve the `GITHUB_SERVER_URL` environment variable when running awf.
 
 You can also explicitly set the Copilot API target:
@@ -128,7 +132,7 @@ You can also explicitly set the Copilot API target:
 export COPILOT_API_TARGET="api.mycompany.ghe.com"
 sudo -E awf --enable-api-proxy \
   --copilot-api-target api.mycompany.ghe.com \
-  --allow-domains api.mycompany.ghe.com,mycompany.ghe.com \
+  --allow-domains '*.mycompany.ghe.com' \
   -- npx @github/copilot --prompt "your prompt"
 ```
 
@@ -154,7 +158,7 @@ The API proxy sidecar receives **real credentials** and routing configuration:
 | `OPENAI_API_KEY` | Real API key | `--enable-api-proxy` and env set | OpenAI API key (injected into requests) |
 | `ANTHROPIC_API_KEY` | Real API key | `--enable-api-proxy` and env set | Anthropic API key (injected into requests) |
 | `COPILOT_GITHUB_TOKEN` | Real token | `--enable-api-proxy` and env set | GitHub Copilot token (injected into requests) |
-| `COPILOT_API_TARGET` | Target hostname | `--copilot-api-target` flag | Override Copilot API endpoint (default: auto-derived) |
+| `COPILOT_API_TARGET` | Target hostname | `--copilot-api-target` flag or host env `COPILOT_API_TARGET` | Override Copilot API endpoint (default: auto-derived) |
 | `GITHUB_SERVER_URL` | GitHub server URL | Passed from host env | Auto-derives Copilot API endpoint for enterprise (*.ghe.com → api.SUBDOMAIN.ghe.com) |
 | `HTTP_PROXY` | `http://172.30.0.10:3128` | Always | Routes through Squid for domain filtering |
 | `HTTPS_PROXY` | `http://172.30.0.10:3128` | Always | Routes through Squid for domain filtering |
