refactor: extract shared token-tracker budget helpers

[lpcox]

Summary

Extracts two duplicated code blocks from token-tracker-http.js and token-tracker-ws.js into a shared token-tracker-shared.js module:

1. warnCacheReadRollupMismatch() — logs warning + diag when observed cache-read tokens don't match normalized rollup
2. mergeBudgetFields() — copies effective token/AI credit budget fields from budgetResult onto the usage record

This eliminates ~30 lines of duplicated logic while preserving identical behavior (including the WS-specific transport: 'websocket' field passed via the extra fields parameter).

Fixes #4711

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	96.54%	96.58%	📈 +0.04%
Statements	96.46%	96.50%	📈 +0.04%
Functions	98.78%	98.78%	➡️ +0.00%
Branches	91.11%	91.14%	📈 +0.03%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/config-writer.ts	90.2% → 91.4% (+1.23%)	90.2% → 91.4% (+1.23%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Copilot]

Pull request overview

This PR refactors the API proxy token trackers by extracting duplicated “budget field merge” and “cache-read rollup mismatch warning” logic into a new shared helper module, keeping the HTTP and WebSocket trackers behaviorally consistent while reducing duplication.

Changes:

• Added containers/api-proxy/token-tracker-shared.js with warnCacheReadRollupMismatch() and mergeBudgetFields() helpers.
• Updated HTTP token tracker to call the shared helpers instead of maintaining local duplicated blocks.
• Updated WebSocket token tracker to call the shared helpers while preserving WS-specific logging fields (e.g., transport: 'websocket').

Show a summary per file

File	Description
containers/api-proxy/token-tracker-http.js	Replaces inline warning + budget-field merge blocks with shared helper calls.
containers/api-proxy/token-tracker-ws.js	Replaces inline warning + budget-field merge blocks with shared helper calls, preserving WebSocket-specific context fields.
containers/api-proxy/token-tracker-shared.js	New shared module implementing the extracted warning + budget-field merge helpers.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 3/3 changed files
• Comments generated: 0

[github-actions]

🔥 Smoke Test: Copilot PAT Auth — PASS

Test	Result
GitHub MCP connectivity	✅
GitHub.com HTTP	✅ 200
File write/read	✅

PR: refactor: extract shared token-tracker budget helpers
Author: @lpcox
Auth mode: PAT (COPILOT_GITHUB_TOKEN)

Overall: PASS

🔑 PAT report filed by Smoke Copilot PAT

[github-actions]

@lpcox

• GitHub MCP Testing: ✅
• GitHub.com Connectivity: ✅
• File Write/Read Test: ❌
• BYOK Inference Test: ✅

Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra

Overall: FAIL

🪪 BYOK (AOAI Entra) report filed by Smoke Copilot BYOK AOAI (Entra)

[github-actions]

Smoke Test Results

PR: refactor: extract shared token-tracker budget helpers (by @lpcox)

Test	Result
GitHub MCP connectivity	✅ PR listed: "perf(doc-maintainer): reduce per-run token usage"
GitHub.com HTTP	✅ 200
File write/read	❌ Template vars unresolved (${{ steps.smoke-data.outputs.* }}) — pre-step data unavailable

Overall: FAIL — file test could not be verified due to unresolved workflow template variables.

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

🔬 Smoke Test: API Proxy OpenTelemetry Tracing

Scenario	Result	Notes
1. Module Loading	✅	otel.js loads cleanly; exports: startRequestSpan, setTokenAttributes, setBudgetAttributes, endSpan, endSpanError, shutdown, isEnabled + internal helpers
2. Test Suite	✅	otel.test.js: 39/39 passed (3.1s)
3. Env Var Forwarding	✅	src/services/api-proxy-service-config.ts forwards OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_HEADERS, GITHUB_AW_OTEL_TRACE_ID, GITHUB_AW_OTEL_PARENT_SPAN_ID, OTEL_SERVICE_NAME to api-proxy container
4. Token Tracker Integration	✅	token-tracker-http.js line 255: onUsage callback invoked after normalized usage extraction — OTEL hook point confirmed
5. OTEL Diagnostics	✅	No live spans expected (no OTLP endpoint configured in this run); graceful degradation path in place

All scenarios pass. OTEL tracing integration is correctly wired end-to-end.

📡 OTel tracing validated by Smoke OTel Tracing

[github-actions]

Chroot Version Comparison Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌
Node.js	v24.16.0	v22.22.3	❌
Go	go1.22.12	go1.22.12	✅

Overall: ❌ Not all tests passed

• Go matches between host and chroot environments.
• Python and Node.js versions differ — the chroot environment has older versions than the host runner.

Tested by Smoke Chroot

[github-actions]

• ✅ perf(doc-maintainer): reduce per-run token usage
• ✅ perf(test-coverage-reporter): reduce token usage ~7-10% per run
• ✅ Page title contains GitHub
• ✅ Smoke file created and verified
• ✅ npm ci && npm run build
• Overall: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

[github-actions]

@lpcox
🔹 refactor: extract makeUnconfiguredHealthResponse helper — ✅
🔹 GitHub.com connectivity (200) — ✅
🔹 File I/O roundtrip — ✅
🔹 BYOK inference via api-proxy — ✅
Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)
PASS

🔑 BYOK (AOAI api-key) report filed by Smoke Copilot BYOK AOAI (api-key)

[github-actions]

Smoke Test: Copilot BYOK (Direct Mode) ✅

Test Results:

• ✅ GitHub.com HTTP (200)
• ✅ File I/O (read/write)
• ✅ BYOK Inference (direct COPILOT_PROVIDER_API_KEY via api-proxy → api.githubcopilot.com)
• ✅ MCP connectivity (GitHub API verified)

Status: PASS — Running in direct BYOK mode with real credentials held in sidecar.

PR Info: Assigned to lpcox, Copilot (@Copilot)

🔑 BYOK report filed by Smoke Copilot BYOK

[github-actions]

Smoke Test: GitHub Actions Services Connectivity

Check	Result
Redis PING (host.docker.internal:6379)	❌ Connection timed out
PostgreSQL pg_isready (host.docker.internal:5432)	❌ No response
PostgreSQL SELECT 1	❌ Connection timed out

host.docker.internal resolves to 172.17.0.1 but no services are listening on ports 6379 or 5432.

Overall: FAIL

🔌 Service connectivity validated by Smoke Services

[github-actions]

GitHub API: ✅ PASS
GitHub check: ✅ PASS
File verify: ✅ PASS

Total: PASS

💥 [THE END] — Illustrated by Smoke Claude