Add unit tests for ProxyService and Server components

- Implement comprehensive tests for ProxyService including handler, caching, circuit breaker, retry logic, streaming responses, error handling, and concurrent requests.
- Introduce tests for Server creation, configuration, worker pool functionality, HTTP client timeout handling, and memory management.
- Ensure proper handling of various request scenarios and validate server routes and concurrency.
- Utilize mock servers and helper functions to simulate and validate expected behaviors.

Author: jxu3

Dockerfile

@@ -5,31 +5,37 @@ WORKDIR /app
 # Install git and ca-certificates for building
 RUN apk add --no-cache git ca-certificates
 
-# Copy go mod file
-COPY go.mod ./
+# Copy go mod and sum files
+COPY go.mod go.sum ./
 
-# Download dependencies (this will create go.sum if it doesn't exist)
+# Download dependencies
 RUN go mod download
 
 # Copy source code
 COPY . .
 
 # Build the binary
-RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w -X main.version=docker" -o github-copilot-svcs .
+ARG VERSION=docker
+RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w -X main.version=${VERSION}" -o github-copilot-svcs ./cmd/github-copilot-svcs
 
 # Final stage
 FROM alpine:latest
 
 # Install ca-certificates for HTTPS requests
-RUN apk --no-cache add ca-certificates tzdata
+RUN apk --no-cache add ca-certificates tzdata wget
 
-WORKDIR /root/
+# Create non-root user
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup
+
+# Switch to non-root user
+USER appuser
+WORKDIR /home/appuser/
 
 # Copy the binary from builder
 COPY --from=builder /app/github-copilot-svcs .
 
-# Create config directory
-RUN mkdir -p /root/.local/share/github-copilot-svcs
+# Create config directory for non-root user
+RUN mkdir -p /home/appuser/.local/share/github-copilot-svcs
 
 # Expose the default port
 EXPOSE 8081
@@ -39,4 +45,4 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
   CMD wget --no-verbose --tries=1 --spider http://localhost:8081/health || exit 1
 
 # Run the binary
-CMD ["./github-copilot-svcs", "run"]
+CMD ["./github-copilot-svcs", "start"]

Makefile

@@ -2,15 +2,15 @@ BINARY=github-copilot-svcs
 CMD_PATH=./cmd/github-copilot-svcs
 VERSION?=dev
 
-.PHONY: build test test-unit test-integration test-e2e test-all clean run dev
+.PHONY: build test test-unit test-integration test-e2e test-all clean run dev lint fmt vet deps update-deps security mocks docker-build docker-run help test-coverage test-short test-verbose
 
 # Build the binary
 build:
 	go build -ldflags="-s -w -X main.version=$(VERSION)" -o $(BINARY) $(CMD_PATH)
 
 # Run the application
 run: build
-	./$(BINARY)
+	./$(BINARY) start
 
 # Development server with hot reload (requires air: go install github.com/cosmtrek/air@latest)
 dev:
@@ -88,7 +88,7 @@ mocks:
 
 # Docker build
 docker-build:
-	docker build -t $(BINARY):$(VERSION) .
+	docker build --build-arg VERSION=$(VERSION) -t $(BINARY):$(VERSION) .
 
 # Docker run
 docker-run:

README.md

@@ -543,15 +543,53 @@ This is free software: you are free to change and redistribute it under the term
 
 ## Contributing
 
+We welcome contributions! Please follow these guidelines:
+
 1. Fork the repository
-2. Create a feature branch
-3. Make your changes
-4. Test thoroughly
-5. Submit a pull request
+2. Create a feature branch (use descriptive names)
+3. Make your changes (follow Go code style and best practices)
+4. Add or update tests as needed
+5. Run all tests and ensure coverage is not reduced
+6. Document your changes in the README if relevant
+7. Submit a pull request with a clear description
+
+### Commit Messages
+- Use clear, descriptive commit messages
+- Reference related issues (e.g., `Fixes #123`)
+
+### Pull Request Review
+- All PRs require review by a maintainer
+- Address review comments promptly
+
+## Security
+
+- Tokens and secrets are stored securely in the user's home directory with restricted permissions (0700)
+- No sensitive data is logged
+- All communication with GitHub Copilot uses HTTPS
+- Automatic token refresh prevents long-lived token exposure
+- Do not commit secrets or sensitive config files; check your `.gitignore`
+- For security issues, please contact the maintainers directly
+
+## FAQ / Common Issues
+
+**Q: Authentication fails or times out**
+A: Run `./github-copilot-svcs auth` again and check your network connection. Ensure your GitHub account has Copilot access.
+
+**Q: Service won't start or port is in use**
+A: Edit your config file to use a different port, or stop the conflicting service.
+
+**Q: Token expires too quickly**
+A: Check your system clock and ensure the refresh interval in config is set correctly.
+
+**Q: How do I update configuration?**
+A: Edit `~/.local/share/github-copilot-svcs/config.json` or use environment variables if supported.
+
+**Q: How do I report a bug or request a feature?**
+A: Open an issue on GitHub with details about your environment and the problem.
 
 ## Support
 
 For issues and questions:
-1. Check the troubleshooting section
+1. Check the troubleshooting and FAQ sections
 2. Review the logs for error messages
 3. Open an issue with detailed information about your setup and the problem

cmd/github-copilot-svcs/main.go

@@ -12,6 +12,7 @@ var version = "dev"
 func main() {
 	// Initialize logger early
 	internal.Init()
+	internal.RegisterProxyMetrics()
 
 	const minArgsRequired = 2
 	if len(os.Args) < minArgsRequired {

docker-compose.yml

@@ -10,7 +10,7 @@ services:
       - LOG_LEVEL=info
     volumes:
       # Mount config directory for persistent authentication
-      - ./config:/root/.local/share/github-copilot-svcs
+      - ./config:/home/appuser/.local/share/github-copilot-svcs
     restart: unless-stopped
     healthcheck:
       test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8081/health"]

go.mod

@@ -1,3 +1,17 @@
 module github.com/privapps/github-copilot-svcs
 
-go 1.21
+go 1.23.0
+
+toolchain go1.23.5
+
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/prometheus/client_golang v1.23.0 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.65.0 // indirect
+	github.com/prometheus/procfs v0.16.1 // indirect
+	golang.org/x/sys v0.33.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
+)

go.sum

@@ -0,0 +1,18 @@
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc=
+github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE=
+github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
+github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
+github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE=
+github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
+github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
+github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
+google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=

internal/auth.go

@@ -1,8 +1,8 @@
 package internal
 
 import (
+	"context"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"net/http"
 	"strings"
@@ -60,14 +60,14 @@ func NewAuthService(httpClient *http.Client) *AuthService {
 func (s *AuthService) Authenticate(cfg *Config) error {
 	now := time.Now().Unix()
 	if cfg.CopilotToken != "" && cfg.ExpiresAt > now+60 {
-		logger.Info("Token still valid", "expires_in", cfg.ExpiresAt-now)
+		Info("Token still valid", "expires_in", cfg.ExpiresAt-now)
 		return nil // Already authenticated
 	}
 
 	if cfg.CopilotToken != "" {
-		logger.Info("Token expired or expiring soon, triggering re-auth", "expires_in", cfg.ExpiresAt-now)
+		Info("Token expired or expiring soon, triggering re-auth", "expires_in", cfg.ExpiresAt-now)
 	} else {
-		logger.Info("No token found, starting authentication flow")
+		Info("No token found, starting authentication flow")
 	}
 
 	// Step 1: Get device code
@@ -105,45 +105,55 @@ func (s *AuthService) Authenticate(cfg *Config) error {
 
 // RefreshToken refreshes the Copilot token using the stored GitHub token
 func (s *AuthService) RefreshToken(cfg *Config) error {
+	return s.RefreshTokenWithContext(context.Background(), cfg)
+}
+
+func (s *AuthService) RefreshTokenWithContext(ctx context.Context, cfg *Config) error {
 	if cfg.GitHubToken == "" {
-		logger.Warn("Cannot refresh token: no GitHub token available")
-		return errors.New("no GitHub token available for refresh")
+		Warn("Cannot refresh token: no GitHub token available")
+		return NewAuthError("no GitHub token available for refresh", nil)
 	}
 
 	// Retry with exponential backoff
 	for attempt := 1; attempt <= maxRefreshRetries; attempt++ {
-		logger.Info("Attempting to refresh Copilot token", "attempt", attempt, "max_attempts", maxRefreshRetries)
+		Info("Attempting to refresh Copilot token", "attempt", attempt, "max_attempts", maxRefreshRetries)
 
 		copilotToken, expiresAt, refreshIn, err := s.getCopilotToken(cfg, cfg.GitHubToken)
 		if err != nil {
 			if attempt == maxRefreshRetries {
-				logger.Error("Token refresh failed after max attempts", "attempts", maxRefreshRetries, "error", err)
+				Error("Token refresh failed after max attempts", "attempts", maxRefreshRetries, "error", err)
 				return err
 			}
 
 			// Wait before retry with exponential backoff
 			waitTime := time.Duration(baseRetryDelay*attempt*attempt) * time.Second
-			logger.Warn("Token refresh failed, retrying", "attempt", attempt, "wait_time", waitTime, "error", err)
-			time.Sleep(waitTime)
-			continue
+			Warn("Token refresh failed, retrying", "attempt", attempt, "wait_time", waitTime, "error", err)
+
+			// Use context-aware sleep
+			select {
+			case <-time.After(waitTime):
+				continue
+			case <-ctx.Done():
+				return ctx.Err()
+			}
 		}
 
-		logger.Info("Token refresh successful", "expires_in", expiresAt-time.Now().Unix())
+		Info("Token refresh successful", "expires_in", expiresAt-time.Now().Unix())
 		cfg.CopilotToken = copilotToken
 		cfg.ExpiresAt = expiresAt
 		cfg.RefreshIn = refreshIn
 
 		return cfg.SaveConfig()
 	}
 
-	return errors.New("maximum retry attempts exceeded")
+	return NewAuthError("maximum retry attempts exceeded", nil)
 }
 
 // EnsureValidToken ensures we have a valid token, refreshing if necessary
 func (s *AuthService) EnsureValidToken(cfg *Config) error {
 	now := time.Now().Unix()
 	if cfg.CopilotToken == "" {
-		return errors.New("no token available - authentication required")
+		return NewAuthError("no token available - authentication required", nil)
 	}
 
 	// Check if token needs refresh (within 5 minutes of expiry or already expired)
@@ -179,8 +189,18 @@ func (s *AuthService) getDeviceCode(cfg *Config) (*deviceCodeResponse, error) {
 }
 
 func (s *AuthService) pollForGitHubToken(cfg *Config, deviceCode string, interval int) (string, error) {
+	return s.pollForGitHubTokenWithContext(context.Background(), cfg, deviceCode, interval)
+}
+
+func (s *AuthService) pollForGitHubTokenWithContext(ctx context.Context, cfg *Config, deviceCode string, interval int) (string, error) {
 	for i := 0; i < 120; i++ { // Poll for 2 minutes max
-		time.Sleep(time.Duration(interval) * time.Second)
+		// Use context-aware sleep
+		select {
+		case <-time.After(time.Duration(interval) * time.Second):
+			// Continue with polling
+		case <-ctx.Done():
+			return "", ctx.Err()
+		}
 
 		body := fmt.Sprintf(`{"client_id":%q,"device_code":%q,"grant_type":"urn:ietf:params:oauth:grant-type:device_code"}`,
 			copilotClientID, deviceCode)
@@ -208,15 +228,15 @@ func (s *AuthService) pollForGitHubToken(cfg *Config, deviceCode string, interva
 			if tr.Error == "authorization_pending" {
 				continue
 			}
-			return "", fmt.Errorf("authorization error: %s - %s", tr.Error, tr.ErrorDesc)
+			return "", NewAuthError(fmt.Sprintf("authorization failed: %s - %s", tr.Error, tr.ErrorDesc), nil)
 		}
 
 		if tr.AccessToken != "" {
 			return tr.AccessToken, nil
 		}
 	}
 
-	return "", fmt.Errorf("authentication timed out")
+	return "", NewAuthError("authentication timed out", nil)
 }
 
 func (s *AuthService) getCopilotToken(cfg *Config, githubToken string) (token string, expiresAt, refreshIn int64, err error) {
@@ -234,7 +254,7 @@ func (s *AuthService) getCopilotToken(cfg *Config, githubToken string) (token st
 	defer resp.Body.Close()
 
 	if resp.StatusCode != http.StatusOK {
-		return "", 0, 0, fmt.Errorf("failed to get Copilot token: %d", resp.StatusCode)
+		return "", 0, 0, NewNetworkError("getCopilotToken", copilotAPIKeyURL, fmt.Sprintf("HTTP %d response", resp.StatusCode), nil)
 	}
 
 	var ctr copilotTokenResponse

internal/cli.go

@@ -275,7 +275,7 @@ func handleModels() error {
 	}
 
 	// Fetch models
-	modelList, err := FetchFromModelsDev()
+	modelList, err := FetchFromModelsDev(httpClient)
 	if err != nil {
 		fmt.Printf("Failed to fetch models from models.dev: %v\n", err)
 		fmt.Println("Using default models:")