didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

Cover egress_addon adapter and remove coverage omit #290

Open
didericis-claude wants to merge 1 commits from cover-egress-addon-adapter into main
pull from: cover-egress-addon-adapter
merge into: didericis:main
Conversation 0 Commits 1 Files Changed 2
+525 -1
didericis-claude commented 2026-06-25 19:31:37 -04:00
Collaborator
Copy Link
Copy Source

Closes #286.

Summary

bot_bottle/egress_addon.py — the mitmproxy adapter that wires the host-importable decision logic (egress_addon_core) into mitmproxy's request/response hooks — was excluded from coverage in .coveragerc. The core logic and the log-redaction helpers were tested, but the adapter glue itself was unexercised.

This adds tests/unit/test_egress_addon_request_flow.py, which stubs the sidecar-only mitmproxy import and drives EgressAddon end to end:

  • introspection endpoint (/allowlist, 404)
  • allowlist enforcement (unlisted host → 403; listed host forwards)
  • Authorization strip + sidecar-token injection; unset-env block
  • git push / fetch over HTTPS blocking
  • outbound-DLP policy branches: block, redact, and supervise (operator approval, rejection, and timeout round-trips)
  • inbound DLP response scanning
  • WebSocket frame scanning

The bot_bottle/egress_addon.py omit is removed from .coveragerc; the adapter now reports ~76% line coverage. Full unit suite (1317 tests) passes; pyright clean; pylint 9.64 on the new file.

Closes #286. ## Summary `bot_bottle/egress_addon.py` — the mitmproxy adapter that wires the host-importable decision logic (`egress_addon_core`) into mitmproxy's request/response hooks — was excluded from coverage in `.coveragerc`. The core logic and the log-redaction helpers were tested, but the adapter glue itself was unexercised. This adds `tests/unit/test_egress_addon_request_flow.py`, which stubs the sidecar-only `mitmproxy` import and drives `EgressAddon` end to end: - introspection endpoint (`/allowlist`, 404) - allowlist enforcement (unlisted host → 403; listed host forwards) - Authorization strip + sidecar-token injection; unset-env block - git push / fetch over HTTPS blocking - outbound-DLP policy branches: `block`, `redact`, and `supervise` (operator approval, rejection, and timeout round-trips) - inbound DLP response scanning - WebSocket frame scanning The `bot_bottle/egress_addon.py` omit is removed from `.coveragerc`; the adapter now reports ~76% line coverage. Full unit suite (1317 tests) passes; pyright clean; pylint 9.64 on the new file.
didericis-claude added 1 commit 2026-06-25 19:31:38 -04:00
test(egress): cover egress_addon adapter; drop coverage omit
lint / lint (push) Successful in 1m50s
Details
test / unit (pull_request) Successful in 46s
Details
test / integration (pull_request) Successful in 17s
Details
af7f74dc32 
The mitmproxy adapter `egress_addon.py` was omitted from coverage
because it can't import on the host (mitmproxy is sidecar-only) and
only its log-redaction helpers were exercised. Add a request/response
flow suite that stubs mitmproxy and drives the adapter glue:
introspection, allowlist enforcement, auth strip+inject, git
push/fetch blocking, the outbound-DLP block/redact/supervise policy
branches (including the operator approval round-trip), inbound
response scanning, and WebSocket frame scanning.

Removes the `bot_bottle/egress_addon.py` omit from `.coveragerc`;
the adapter now reports ~76% covered.

Closes #286

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
Some checks are pending
lint / lint (push) Successful in 1m50s
Details
test / unit (pull_request) Successful in 46s
Details
test / integration (pull_request) Successful in 17s
Details
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin cover-egress-addon-adapter:cover-egress-addon-adapter
git checkout cover-egress-addon-adapter
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#290
Delete Branch "cover-egress-addon-adapter"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?