[test] Add tests for proxy.MatchRoute uncovered route patterns

[github-actions]

Test Coverage Improvement: proxy.MatchRoute

Function Analyzed

• Package: internal/proxy
• Function: MatchRoute (in router.go)
• Previous Coverage: Several route patterns completely untested
• New Coverage: 17 additional test cases covering 9 previously-untested route categories
• Complexity: High (50+ route patterns defined via data-driven route table)

Why This Function?

MatchRoute is the central REST routing function — every GitHub API request flows through it to determine which DIFC guard tool to apply. Several route categories added to the route table (router.go) had no corresponding tests in proxy_test.go or proxy_coverage_test.go, creating blind spots in route correctness verification.

Tests Added

The new file internal/proxy/router_uncovered_routes_test.go adds TestMatchRoute_UncoveredRoutes with 17 table-driven test cases covering:

• ✅ Environment-scoped Actions — /repos/{owner}/{repo}/environments/{env}/secrets and .../variables → list_environment_config
• ✅ Org-scoped Actions — /orgs/{org}/actions/secrets, .../variables, and .../variables/{name} → list_org_config
• ✅ Individual discussion — /repos/{owner}/{repo}/discussions/{number} → list_discussions with discussion_number
• ✅ Discussion comments — /repos/{owner}/{repo}/discussions/{number}/comments → get_discussion_comments
• ✅ Commit check-suites — /repos/{owner}/{repo}/commits/{sha}/check-suites → pull_request_read (same tool as check-runs)
• ✅ User SSH signing keys and GPG keys — /user/ssh_signing_keys, /user/gpg_keys → get_me
• ✅ Named Actions variable — /repos/{owner}/{repo}/actions/variables/{name} → list_variables
• ✅ Query string stripping — uncovered route with ?per_page=30 suffix
• ✅ Nil returns — 5 paths that match no route (/unknown-path, /search/users, /repos, /repos/only-owner, /orgs/myorg/members)

Coverage Improvement

Each new test case exercises a distinct code path (route pattern match) in the route table. The nil-return tests also exercise the "no match" branch of MatchRoute's loop which previously had no test coverage.

Test Pattern

Tests follow the established table-driven pattern in the codebase (proxy_test.go, proxy_coverage_test.go), using testify/assert and testify/require for consistent assertion style.

---

Generated by Test Coverage Improver
Next run should target: environment-scoped and org-scoped route patterns in handler tests, or callBackendTool DIFC propagate-mode edge cases

Generated by Test Coverage Improver · ◷

[Copilot]

Pull request overview

This PR improves test coverage for internal/proxy.MatchRoute, the central REST routing function used to map GitHub API paths to DIFC guard tools.

Changes:

• Added a new table-driven test suite covering previously untested REST route patterns (env-scoped Actions config, org-scoped Actions config, discussion detail/comments, check-suites, user key endpoints).
• Added explicit “no route match” cases to exercise the nil-return branch.
• Added an additional query-string case to validate query stripping for an uncovered route category.

Show a summary per file

File	Description
internal/proxy/router_uncovered_routes_test.go	Adds 17 new table-driven MatchRoute test cases to cover previously uncovered route patterns and nil-return behavior.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 1/1 changed files
• Comments generated: 0