refactor(proxy): rename setup struct, fix disabled-correlation test

SasSwart · SasSwart · commit ab7e8b4b6bbb · 2026-05-13T12:43:10.000Z
- Rename sessionCorrelationIntegrationSetup to correlationTestEnv
  and newSessionCorrelationIntegrationSetup to newCorrelationTestEnv
  for brevity and clarity.
- Rename TestIntegration_DisabledCorrelationNoHeadersNoPreallocatedSequence
  to TestIntegration_DisabledCorrelationNoHeaders. The sequence counter
  is a value type on the proxy server and always increments regardless
  of the correlation setting, so the previous name and assertions about
  'no pre-allocated sequence number' were misleading. The test now
  focuses on what actually differs: no headers are injected.
- Remove misleading 'auditor falls back to its own counter' comment.

Generated by Coder Agents
diff --git a/proxy/proxy_session_correlation_integration_test.go b/proxy/proxy_session_correlation_integration_test.go
@@ -50,24 +50,24 @@ func (m *multiRequestCapturingBackend) headersAt(i int) http.Header {
 	return m.all[i].Clone()
 }
 
-// sessionCorrelationIntegrationSetup holds the shared objects for an
+// correlationTestEnv holds the shared objects for a session-correlation
 // integration test: the proxy, auditor, backend(s), and sequence
-// counter. Tests build one via newSessionCorrelationIntegrationSetup
-// and tear it down with stop.
-type sessionCorrelationIntegrationSetup struct {
+// counter. Tests build one via newCorrelationTestEnv and tear it down
+// with stop.
+type correlationTestEnv struct {
 	pt      *ProxyTest
 	auditor *capturingAuditor
 	seq     *audit.SequenceCounter
-	// llmBackend expects headers to be injected as these requests are
-	// expected to be seen by the AI Gateway and then correlated back
-	// to the audit event
+	// injectBackend expects headers to be injected as these requests
+	// are expected to be seen by the AI Gateway and then correlated
+	// back to the audit event.
 	injectBackend *multiRequestCapturingBackend
 	// otherBackend does not expect headers to be injected as these
 	// requests should not be routed through the AI Gateway.
 	otherBackend *multiRequestCapturingBackend
 }
 
-func (s *sessionCorrelationIntegrationSetup) stop() {
+func (s *correlationTestEnv) stop() {
 	s.pt.Stop()
 	if s.injectBackend != nil {
 		s.injectBackend.close()
@@ -77,12 +77,12 @@ func (s *sessionCorrelationIntegrationSetup) stop() {
 	}
 }
 
-// newSessionCorrelationIntegrationSetup builds a proxy that allows
-// traffic to two httptest backends: one that matches an inject target
-// and one that does not (simulating a generic allowed domain like
-// github.com). Both backends capture all received request headers.
-// A capturingAuditor records every audit event for later inspection.
-func newSessionCorrelationIntegrationSetup(t *testing.T, sessionID string) *sessionCorrelationIntegrationSetup {
+// newCorrelationTestEnv builds a proxy that allows traffic to two
+// httptest backends: one that matches an inject target and one that
+// does not (simulating a generic allowed domain like github.com).
+// Both backends capture all received request headers. A
+// capturingAuditor records every audit event for later inspection.
+func newCorrelationTestEnv(t *testing.T, sessionID string) *correlationTestEnv {
 	t.Helper()
 
 	inject := newMultiRequestCapturingBackend()
@@ -117,7 +117,7 @@ func newSessionCorrelationIntegrationSetup(t *testing.T, sessionID string) *sess
 		WithAuditor(aud),
 	).Start()
 
-	return &sessionCorrelationIntegrationSetup{
+	return &correlationTestEnv{
 		pt:            pt,
 		auditor:       aud,
 		seq:           seq,
@@ -132,7 +132,7 @@ func newSessionCorrelationIntegrationSetup(t *testing.T, sessionID string) *sess
 // the forwarded header.
 func TestIntegration_LLMRequestAuditAndHeadersAgree(t *testing.T) {
 	const sessionID = "e5f6a7b8-0000-0000-0000-000000000000"
-	s := newSessionCorrelationIntegrationSetup(t, sessionID)
+	s := newCorrelationTestEnv(t, sessionID)
 	defer s.stop()
 
 	resp, err := s.pt.proxyClient.Get(s.injectBackend.server.URL + "/v1/messages")
@@ -164,7 +164,7 @@ func TestIntegration_LLMRequestAuditAndHeadersAgree(t *testing.T) {
 // audited (with a sequence number) but does NOT receive correlation
 // headers.
 func TestIntegration_NonLLMRequestAuditedWithoutHeaders(t *testing.T) {
-	s := newSessionCorrelationIntegrationSetup(t, "test-session")
+	s := newCorrelationTestEnv(t, "test-session")
 	defer s.stop()
 
 	resp, err := s.pt.proxyClient.Get(s.otherBackend.server.URL + "/pulls")
@@ -426,7 +426,7 @@ func TestIntegration_SequenceGapRevealsAgenticLoop(t *testing.T) {
 // sequence number, and the audit event still agrees with the header.
 func TestIntegration_SpoofedHeadersOverwrittenWithCorrectSequence(t *testing.T) {
 	const sessionID = "real-session-uuid"
-	s := newSessionCorrelationIntegrationSetup(t, sessionID)
+	s := newCorrelationTestEnv(t, sessionID)
 	defer s.stop()
 
 	req, err := http.NewRequest(http.MethodPost, s.injectBackend.server.URL+"/v1/messages", nil)
@@ -455,11 +455,13 @@ func TestIntegration_SpoofedHeadersOverwrittenWithCorrectSequence(t *testing.T)
 	)
 }
 
-// TestIntegration_DisabledCorrelationNoHeadersNoPreallocatedSequence
-// verifies that when session correlation is disabled, the proxy does
-// not inject headers and does not pre-allocate sequence numbers (the
-// auditor falls back to its own counter instead).
-func TestIntegration_DisabledCorrelationNoHeadersNoPreallocatedSequence(t *testing.T) {
+// TestIntegration_DisabledCorrelationNoHeaders verifies that when
+// session correlation is disabled, the proxy does not inject
+// correlation headers even for requests that match an inject target.
+// Note: the sequence counter is a value type on the proxy server and
+// always increments regardless of the correlation setting, so we only
+// assert on the absence of headers here.
+func TestIntegration_DisabledCorrelationNoHeaders(t *testing.T) {
 	backend := newMultiRequestCapturingBackend()
 	defer backend.close()
 
@@ -471,13 +473,11 @@ func TestIntegration_DisabledCorrelationNoHeadersNoPreallocatedSequence(t *testi
 	pt := NewProxyTest(t,
 		WithCertManager(t.TempDir()),
 		WithAllowedDomain(backendURL.Hostname()),
-		// Correlation disabled; no sequence counter.
 		WithSessionCorrelation(config.SessionCorrelationConfig{
 			Enabled:       false,
 			InjectTargets: []config.InjectTarget{{Domain: backendURL.Hostname()}},
 		}),
 		WithSessionID("should-not-appear"),
-		// Explicitly do NOT set WithSequenceCounter; seqCounter is nil.
 		WithAuditor(aud),
 	).Start()
 	defer pt.Stop()
@@ -487,18 +487,18 @@ func TestIntegration_DisabledCorrelationNoHeadersNoPreallocatedSequence(t *testi
 	defer resp.Body.Close() //nolint:errcheck
 	require.Equal(t, http.StatusOK, resp.StatusCode)
 
-	// No correlation headers.
+	// No correlation headers injected.
 	require.Equal(t, 1, backend.requestCount())
 	header := backend.headersAt(0)
-	assert.Empty(t, header.Get(config.SessionIDHeaderName))
-	assert.Empty(t, header.Get(config.SequenceNumberHeaderName))
+	assert.Empty(t, header.Get(config.SessionIDHeaderName),
+		"session ID header must not be injected when correlation is disabled")
+	assert.Empty(t, header.Get(config.SequenceNumberHeaderName),
+		"sequence number header must not be injected when correlation is disabled")
 
-	// Audit event recorded but without a pre-allocated sequence
-	// number (nil), because no SequenceCounter was provided.
+	// Request is still audited.
 	events := aud.getRequests()
 	require.Len(t, events, 1)
-	assert.Equal(t, int32(0), events[0].SequenceNumber,
-		"no sequence counter means no pre-allocated sequence number")
+	require.True(t, events[0].Allowed)
 }
 
 // TestIntegration_ConcurrentRequestsUniqueSequenceNumbers sends
@@ -509,7 +509,7 @@ func TestIntegration_ConcurrentRequestsUniqueSequenceNumbers(t *testing.T) {
 	const sessionID = "concurrent-session"
 	const numRequests = 10
 
-	s := newSessionCorrelationIntegrationSetup(t, sessionID)
+	s := newCorrelationTestEnv(t, sessionID)
 	defer s.stop()
 
 	var wg sync.WaitGroup
