[test] Add tests for config.ValidateStringArrayField and config.IsValidAllowOnlyReposValue

[github-actions]

Test Coverage Improvement: ValidateStringArrayField and IsValidAllowOnlyReposValue

Functions Analyzed

• Package: internal/config
• Functions: ValidateStringArrayField, IsValidAllowOnlyReposValue
• File: internal/config/guard_policy_validation.go
• Previous Coverage: 0% for both functions
• New Coverage: 100% for both functions
• Complexity: Medium — branching on type assertions and multiple input shapes

Why These Functions?

Both functions were at 0% coverage in the internal/config package. They are exported functions used by the guard pipeline (in internal/guard/wasm_payload.go) to validate the label_agent policy transport payload. Despite being called from critical security-policy code paths, they had no tests of their own.

ValidateStringArrayField has 5 distinct branches (type assertion failure × optional/required, empty array, non-string entry, whitespace entry, valid path). IsValidAllowOnlyReposValue covers 3 type switch cases (string, []interface{}, default).

Tests Added

• ✅ Happy path: valid arrays with single and multiple non-empty strings
• ✅ Edge cases: empty arrays (with requireNonEmpty=false and =true), whitespace-only strings
• ✅ Error cases: non-array types (string, nil, int, bool, map), non-string entries, empty/whitespace entries
• ✅ Full branch coverage for all conditionals in both functions
• ✅ String case-insensitivity and whitespace trimming for IsValidAllowOnlyReposValue
• ✅ []interface{} scope validation paths (valid, invalid, duplicate, empty)
• ✅ Default/unknown type cases for IsValidAllowOnlyReposValue

Coverage Report

Before:
  config.ValidateStringArrayField:    0.0%
  config.IsValidAllowOnlyReposValue:  0.0%
  internal/config package overall:   95.9%

After:
  config.ValidateStringArrayField:   100.0%
  config.IsValidAllowOnlyReposValue: 100.0%
  internal/config package overall:   97.1%

Improvement: +1.2% overall, +100% for both target functions

Test Execution

All 44 test cases pass (19 for ValidateStringArrayField, 25 for IsValidAllowOnlyReposValue):

=== RUN   TestValidateStringArrayField
--- PASS: TestValidateStringArrayField (0.00s)
=== RUN   TestIsValidAllowOnlyReposValue
--- PASS: TestIsValidAllowOnlyReposValue (0.00s)
ok  github.com/github/gh-aw-mcpg/internal/config  coverage: 97.1% of statements

---

Generated by Test Coverage Improver
Next run will target the next most complex under-tested function

Warning

Firewall blocked 9 domains

The following domains were blocked by the firewall during workflow execution:

• 172.30.0.50
• go.opentelemetry.io
• go.yaml.in
• golang.org
• google.golang.org
• gopkg.in
• pkg.go.dev
• proxy.golang.org
• sum.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "172.30.0.50"
    - "go.opentelemetry.io"
    - "go.yaml.in"
    - "golang.org"
    - "google.golang.org"
    - "gopkg.in"
    - "pkg.go.dev"
    - "proxy.golang.org"
    - "sum.golang.org"

See Network Configuration for more information.

Generated by Test Coverage Improver · 2.8K AIC · ⊞ 28.6K · ◷

[Copilot]

Pull request overview

This PR improves test coverage in internal/config by adding focused unit tests for two previously untested guard-policy validation helpers (ValidateStringArrayField and IsValidAllowOnlyReposValue) in guard_policy_validation.go.

Changes:

• Added table-driven tests covering success, error, and edge cases for ValidateStringArrayField.
• Added table-driven tests covering string, []interface{}, and default-type behaviors for IsValidAllowOnlyReposValue.

Show a summary per file

File	Description
internal/config/guard_policy_string_validation_test.go	Adds new unit tests to cover the two guard policy validation helpers and their key branches.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 1/1 changed files
• Comments generated: 2