Refactor host iptables tests and fix follow-up CI regressions (#2901)

* Initial plan

* test: split host iptables modules

* test: address host iptables review

* test: refine host iptables helpers

* fix: tighten security guard prompt

* fix: guide security guard diff usage

* fix: retry api-proxy startup exits

* fix: detect generic api-proxy startup failures

* fix: inspect api-proxy state after compose failures

* fix: restore security guard prompt diff placeholders

* fix: suppress markdown lint for security guard placeholder

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

Author: Copilot

.github/workflows/security-guard.lock.yml

@@ -19,7 +19,7 @@ tools:
 sandbox:
   agent:
     id: awf
-    version: v0.25.29
+    version: v0.25.41
 network:
   allowed:
     - github
@@ -92,7 +92,9 @@ steps:
 
 ## Security Relevance Check
 
-**Security-critical files changed in this PR:** ${{ steps.security-relevance.outputs.security_files_changed }}
+<!-- markdownlint-disable-next-line MD050 -->
+**Security-critical files changed in this PR:** __GH_AW_EXPR_66EB691F__
+<!-- gh-aw compile marker: ${{ steps.security-relevance.outputs.security_files_changed }} -->
 
 > If this value is `0`, the workflow skips the agent job.
 
@@ -135,14 +137,17 @@ Analyze PR #${{ github.event.pull_request.number }} in repository ${{ github.rep
 
 1. **Review the pre-fetched diff below** (up to 100 KB of changes are included)
 2. **Batch all independent reads** in a single tool-use block rather than making sequential calls
-3. **Use `mcp__github__get_pull_request_diff`** only when the diff below is truncated and you need the remainder
-4. **Use `mcp__github__get_file_contents`** only for files not changed in this PR (e.g., to understand adjacent security context)
-5. **Collect evidence** with specific file names, line numbers, and code snippets
+3. **Use the pre-fetched diff below as your primary source of truth**; only fall back to `gh pr diff` / `gh api` if the diff is truncated and you need the remainder
+4. **Do not use local branch comparisons or commit history** (for example `git diff main...HEAD` or `git log main..`) unless you first confirm the base branch exists locally; the checkout may contain only the PR branch, and these calls waste turns
+5. **Use direct file reads from the checked-out repository** only for files you need to inspect further (e.g., to understand adjacent security context)
+6. **Collect evidence** with specific file names, line numbers, and code snippets
 
 ## Security Checks
 
 Check for these security-weakening changes: new/expanded ACCEPT rules, weakened DROP/REJECT, firewall chain rewiring, DNS or IPv6 bypasses, Squid ACL/order regressions, non-80/443 egress allowances, wildcard/domain validation bypasses, capability additions (`SYS_ADMIN`, `NET_RAW`), seccomp relaxations, removal of resource/user hardening, input validation removal, command injection risk, hardcoded secrets, security-disabling env var changes, or risky dependency updates.
 
+If the changed files are only tests, docs, or other non-production artifacts and the diff does not modify runtime security behavior, avoid unnecessary exploration and call the `safeoutputs noop` tool after the brief verification.
+
 ## Output Format
 
 **IMPORTANT: Be concise.** Report each security finding in ≤ 150 words. Maximum 5 findings total.
@@ -166,5 +171,6 @@ If no security issues are found:
 The following PR diff has been pre-computed. Focus your security analysis on these changes:
 
 ```
-${{ steps.pr-diff.outputs.PR_FILES }}
-```
+__GH_AW_EXPR_BAA3A6C6__
+<!-- gh-aw compile marker: ${{ steps.pr-diff.outputs.PR_FILES }} -->
+```

.github/workflows/security-guard.md

@@ -388,6 +388,37 @@ function isApiProxyStartupFailureError(errorMsg: string): boolean {
   return errorMsg.includes('is unhealthy') || errorMsg.includes('exited (1)');
 }
 
+/**
+ * Some docker compose failures surface only as a generic execa error message
+ * while the actionable api-proxy state is visible only via container inspect.
+ */
+async function didApiProxyFailStartup(errorMsg: string): Promise<boolean> {
+  if (isApiProxyStartupFailureError(errorMsg)) {
+    return true;
+  }
+
+  try {
+    const result = await execa(
+      'docker',
+      ['inspect', API_PROXY_CONTAINER_NAME, '--format', '{{.State.Status}}|{{if .State.Health}}{{.State.Health.Status}}{{end}}'],
+      {
+        reject: false,
+        env: getLocalDockerEnv(),
+      }
+    );
+
+    if (result.exitCode !== 0) {
+      return false;
+    }
+
+    const [containerStatus = '', healthStatus = ''] = result.stdout.trim().split('|');
+    return containerStatus === 'exited' || healthStatus === 'unhealthy';
+  } catch (error) {
+    logger.debug(`Could not inspect ${API_PROXY_CONTAINER_NAME} after startup failure:`, error);
+    return false;
+  }
+}
+
 /**
  * Dumps the tail of a container's logs to stderr for diagnosis.
  * Silently skips if the container does not exist or logs are unavailable.
@@ -463,11 +494,12 @@ export async function startContainers(workDir: string, allowedDomains: string[],
     logger.success('Containers started successfully');
   } catch (firstError) {
     const firstErrorMsg = firstError instanceof Error ? firstError.message : String(firstError);
+    const firstAttemptApiProxyStartupFailure = await didApiProxyFailStartup(firstErrorMsg);
 
     // When api-proxy specifically fails to start, retry once.
     // Transient failures are common on slow or busy runners (e.g. Azure-hosted runners)
     // where the Node.js process inside the container takes longer to bind its port.
-    if (isApiProxyStartupFailureError(firstErrorMsg)) {
+    if (firstAttemptApiProxyStartupFailure) {
       logger.warn(`${API_PROXY_CONTAINER_NAME} failed to start — this may be a transient startup failure, retrying once...`);
       await logContainerLogsToStderr(API_PROXY_CONTAINER_NAME);
 
@@ -491,7 +523,7 @@ export async function startContainers(workDir: string, allowedDomains: string[],
         return;
       } catch (retryError) {
         const retryErrorMsg = retryError instanceof Error ? retryError.message : String(retryError);
-        if (isApiProxyStartupFailureError(retryErrorMsg)) {
+        if (await didApiProxyFailStartup(retryErrorMsg)) {
           // Surface api-proxy logs and emit a clear, unambiguous error so
           // downstream parse steps don't blame the model for never running.
           await logContainerLogsToStderr(API_PROXY_CONTAINER_NAME);

src/container-lifecycle.ts

@@ -137,6 +137,53 @@ describe('docker-manager lifecycle', () => {
       expect(upCalls).toHaveLength(2);
     });
 
+    it('should retry once when awf-api-proxy exits during startup', async () => {
+      // 1. docker rm (initial cleanup)
+      mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);
+      // 2. docker compose up (first attempt - fails with api-proxy exit)
+      mockExecaFn.mockRejectedValueOnce(new Error('dependency failed to start: container awf-api-proxy exited (1)'));
+      // 3. docker logs --tail 50 awf-api-proxy (get logs for diagnosis)
+      mockExecaFn.mockResolvedValueOnce({ stdout: 'api-proxy startup logs', stderr: '', exitCode: 0 } as any);
+      // 4. docker compose down (cleanup before retry)
+      mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);
+      // 5. docker compose up (retry - succeeds)
+      mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);
+
+      await expect(startContainers(testDir, ['github.com'])).resolves.toBeUndefined();
+
+      const upCalls = mockExecaFn.mock.calls.filter((call: any[]) =>
+        call[0] === 'docker' && Array.isArray(call[1]) && call[1].includes('up')
+      );
+      expect(upCalls).toHaveLength(2);
+    });
+
+    it('should retry once when docker compose only reports a generic error but awf-api-proxy already exited', async () => {
+      // 1. docker rm (initial cleanup)
+      mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);
+      // 2. docker compose up (first attempt - generic execa error)
+      mockExecaFn.mockRejectedValueOnce(new Error('Command failed with exit code 1: docker compose up -d'));
+      // 3. docker inspect awf-api-proxy (fallback diagnosis)
+      mockExecaFn.mockResolvedValueOnce({ stdout: 'exited', stderr: '', exitCode: 0 } as any);
+      // 4. docker logs --tail 50 awf-api-proxy (get logs for diagnosis)
+      mockExecaFn.mockResolvedValueOnce({ stdout: 'api-proxy startup logs', stderr: '', exitCode: 0 } as any);
+      // 5. docker compose down (cleanup before retry)
+      mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);
+      // 6. docker compose up (retry - succeeds)
+      mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);
+
+      await expect(startContainers(testDir, ['github.com'])).resolves.toBeUndefined();
+
+      const inspectCalls = mockExecaFn.mock.calls.filter((call: any[]) =>
+        call[0] === 'docker' && Array.isArray(call[1]) && call[1][0] === 'inspect' && call[1][1] === 'awf-api-proxy'
+      );
+      expect(inspectCalls).toHaveLength(1);
+
+      const upCalls = mockExecaFn.mock.calls.filter((call: any[]) =>
+        call[0] === 'docker' && Array.isArray(call[1]) && call[1].includes('up')
+      );
+      expect(upCalls).toHaveLength(2);
+    });
+
     it('should throw clear error when awf-api-proxy fails its health check on both attempts', async () => {
       // 1. docker rm (initial cleanup)
       mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);
@@ -156,6 +203,48 @@ describe('docker-manager lifecycle', () => {
       );
     });
 
+    it('should throw clear error when awf-api-proxy exits during startup on both attempts', async () => {
+      // 1. docker rm (initial cleanup)
+      mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);
+      // 2. docker compose up (first attempt - fails)
+      mockExecaFn.mockRejectedValueOnce(new Error('dependency failed to start: container awf-api-proxy exited (1)'));
+      // 3. docker logs (first diagnosis)
+      mockExecaFn.mockResolvedValueOnce({ stdout: 'api-proxy logs', stderr: '', exitCode: 0 } as any);
+      // 4. docker compose down (cleanup before retry)
+      mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);
+      // 5. docker compose up (retry - also fails)
+      mockExecaFn.mockRejectedValueOnce(new Error('dependency failed to start: container awf-api-proxy exited (1)'));
+      // 6. docker logs (second diagnosis)
+      mockExecaFn.mockResolvedValueOnce({ stdout: 'api-proxy logs', stderr: '', exitCode: 0 } as any);
+
+      await expect(startContainers(testDir, ['github.com'])).rejects.toThrow(
+        'AWF firewall failed to start: awf-api-proxy failed to start on both attempts'
+      );
+    });
+
+    it('should throw clear error when generic compose failures map to awf-api-proxy startup failures on both attempts', async () => {
+      // 1. docker rm (initial cleanup)
+      mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);
+      // 2. docker compose up (first attempt - generic execa error)
+      mockExecaFn.mockRejectedValueOnce(new Error('Command failed with exit code 1: docker compose up -d'));
+      // 3. docker inspect (first diagnosis)
+      mockExecaFn.mockResolvedValueOnce({ stdout: 'exited', stderr: '', exitCode: 0 } as any);
+      // 4. docker logs (first diagnosis)
+      mockExecaFn.mockResolvedValueOnce({ stdout: 'api-proxy logs', stderr: '', exitCode: 0 } as any);
+      // 5. docker compose down (cleanup before retry)
+      mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);
+      // 6. docker compose up (retry - also generic execa error)
+      mockExecaFn.mockRejectedValueOnce(new Error('Command failed with exit code 1: docker compose up -d'));
+      // 7. docker inspect (second diagnosis)
+      mockExecaFn.mockResolvedValueOnce({ stdout: 'exited', stderr: '', exitCode: 0 } as any);
+      // 8. docker logs (second diagnosis)
+      mockExecaFn.mockResolvedValueOnce({ stdout: 'api-proxy logs', stderr: '', exitCode: 0 } as any);
+
+      await expect(startContainers(testDir, ['github.com'])).rejects.toThrow(
+        'AWF firewall failed to start: awf-api-proxy failed to start on both attempts'
+      );
+    });
+
     it('should retry once when awf-api-proxy exits (1) during startup', async () => {
       // 1. docker rm (initial cleanup)
       mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);

src/docker-manager-lifecycle.test.ts

@@ -0,0 +1,143 @@
+import { execaResult, mockedExeca, setupHostIptablesTestSuite } from './test-helpers/host-iptables-test-setup';
+import { cleanupHostIptables, setupHostIptables, __testing } from './host-iptables';
+
+describe('host-iptables (cleanup)', () => {
+  setupHostIptablesTestSuite(__testing._resetIpv6State);
+
+  describe('cleanupHostIptables', () => {
+    it('should flush and delete both FW_WRAPPER and FW_WRAPPER_V6 chains', async () => {
+      mockedExeca.mockResolvedValue(execaResult({
+        stdout: '',
+        stderr: '',
+        exitCode: 0,
+      }));
+
+      await cleanupHostIptables();
+
+      // Verify IPv4 chain cleanup operations
+      expect(mockedExeca).toHaveBeenCalledWith('iptables', ['-t', 'filter', '-F', 'FW_WRAPPER'], { reject: false });
+      expect(mockedExeca).toHaveBeenCalledWith('iptables', ['-t', 'filter', '-X', 'FW_WRAPPER'], { reject: false });
+
+      // Verify IPv6 chain cleanup operations
+      expect(mockedExeca).toHaveBeenCalledWith('ip6tables', ['-t', 'filter', '-F', 'FW_WRAPPER_V6'], { reject: false });
+      expect(mockedExeca).toHaveBeenCalledWith('ip6tables', ['-t', 'filter', '-X', 'FW_WRAPPER_V6'], { reject: false });
+    });
+
+    it('should re-enable IPv6 via sysctl on cleanup if it was disabled', async () => {
+      // First, simulate setup that disabled IPv6
+      mockedExeca
+        .mockResolvedValueOnce(execaResult({ stdout: 'fw-bridge', stderr: '', exitCode: 0 }))
+        .mockResolvedValueOnce(execaResult({ stdout: '', stderr: '', exitCode: 0 }))
+        .mockResolvedValueOnce(execaResult({ exitCode: 1 }));
+
+      // Make ip6tables unavailable to trigger sysctl disable
+      mockedExeca.mockImplementation(((cmd: string) => {
+        if (cmd === 'ip6tables') {
+          return Promise.reject(new Error('ip6tables not found'));
+        }
+        return Promise.resolve({ stdout: '', stderr: '', exitCode: 0 });
+      }) as any);
+
+      await setupHostIptables('172.30.0.10', 3128, ['8.8.8.8', '8.8.4.4']);
+
+      // Now run cleanup
+      jest.clearAllMocks();
+      mockedExeca.mockImplementation(((cmd: string) => {
+        if (cmd === 'ip6tables') {
+          return Promise.reject(new Error('ip6tables not found'));
+        }
+        return Promise.resolve({ stdout: '', stderr: '', exitCode: 0 });
+      }) as any);
+
+      await cleanupHostIptables();
+
+      // Verify IPv6 was re-enabled via sysctl
+      expect(mockedExeca).toHaveBeenCalledWith('sysctl', ['-w', 'net.ipv6.conf.all.disable_ipv6=0']);
+      expect(mockedExeca).toHaveBeenCalledWith('sysctl', ['-w', 'net.ipv6.conf.default.disable_ipv6=0']);
+    });
+
+    it('should clean up IPv6 rules from DOCKER-USER when ip6tables is available', async () => {
+      // Mock all calls to succeed (ip6tables available)
+      mockedExeca.mockImplementation(((cmd: string, args: string[]) => {
+        // getNetworkBridgeName
+        if (cmd === 'docker' && args[0] === 'network') {
+          return Promise.resolve({ stdout: 'fw-bridge', stderr: '', exitCode: 0 });
+        }
+        // ip6tables -L -n (availability check)
+        if (cmd === 'ip6tables' && args.includes('-L') && args.includes('-n') && !args.includes('--line-numbers')) {
+          return Promise.resolve({ stdout: '', stderr: '', exitCode: 0 });
+        }
+        // ip6tables DOCKER-USER listing with FW_WRAPPER_V6 reference
+        if (cmd === 'ip6tables' && args.includes('DOCKER-USER') && args.includes('--line-numbers')) {
+          return Promise.resolve({ stdout: '1    FW_WRAPPER_V6  all  --  *      *       ::/0                 ::/0\n', stderr: '', exitCode: 0 });
+        }
+        // iptables DOCKER-USER listing with FW_WRAPPER reference
+        if (cmd === 'iptables' && args.includes('DOCKER-USER') && args.includes('--line-numbers')) {
+          return Promise.resolve({ stdout: '1    FW_WRAPPER  all  --  -i fw-bridge  -o fw-bridge  0.0.0.0/0            0.0.0.0/0\n', stderr: '', exitCode: 0 });
+        }
+        return Promise.resolve({ stdout: '', stderr: '', exitCode: 0 });
+      }) as any);
+
+      await cleanupHostIptables();
+
+      // Verify IPv6 chain was flushed and deleted
+      expect(mockedExeca).toHaveBeenCalledWith('ip6tables', ['-t', 'filter', '-F', 'FW_WRAPPER_V6'], { reject: false });
+      expect(mockedExeca).toHaveBeenCalledWith('ip6tables', ['-t', 'filter', '-X', 'FW_WRAPPER_V6'], { reject: false });
+      // Verify IPv6 DOCKER-USER rule was removed
+      expect(mockedExeca).toHaveBeenCalledWith('ip6tables', ['-t', 'filter', '-D', 'DOCKER-USER', '1'], { reject: false });
+      // Verify IPv4 chain was also cleaned
+      expect(mockedExeca).toHaveBeenCalledWith('iptables', ['-t', 'filter', '-F', 'FW_WRAPPER'], { reject: false });
+      expect(mockedExeca).toHaveBeenCalledWith('iptables', ['-t', 'filter', '-X', 'FW_WRAPPER'], { reject: false });
+    });
+
+    it('should skip IPv6 cleanup when ip6tables is not available', async () => {
+      mockedExeca.mockImplementation(((cmd: string, args: string[]) => {
+        if (cmd === 'docker') {
+          return Promise.resolve({ stdout: 'fw-bridge', stderr: '', exitCode: 0 });
+        }
+        if (cmd === 'ip6tables') {
+          return Promise.reject(new Error('ip6tables not found'));
+        }
+        if (cmd === 'iptables' && args.includes('DOCKER-USER') && args.includes('--line-numbers')) {
+          return Promise.resolve({ stdout: '', stderr: '', exitCode: 0 });
+        }
+        return Promise.resolve({ stdout: '', stderr: '', exitCode: 0 });
+      }) as any);
+
+      await cleanupHostIptables();
+
+      // Should NOT attempt ip6tables cleanup (except the availability check)
+      expect(mockedExeca).not.toHaveBeenCalledWith('ip6tables', ['-t', 'filter', '-F', 'FW_WRAPPER_V6'], { reject: false });
+    });
+
+    it('should not throw on errors (best-effort cleanup)', async () => {
+      mockedExeca.mockRejectedValue(new Error('iptables error'));
+
+      // Should not throw
+      await expect(cleanupHostIptables()).resolves.not.toThrow();
+    });
+  });
+
+  describe('cleanupHostIptables when bridge name is null', () => {
+    it('should skip IPv4 DOCKER-USER rule removal when bridge name is not found', async () => {
+      mockedExeca.mockImplementation(((cmd: string, args: string[]) => {
+        // getNetworkBridgeName returns empty string → null
+        if (cmd === 'docker' && args[0] === 'network' && args[1] === 'inspect') {
+          return Promise.resolve({ stdout: '', stderr: '', exitCode: 0 });
+        }
+        return Promise.resolve({ stdout: '', stderr: '', exitCode: 0 });
+      }) as any);
+
+      await cleanupHostIptables();
+
+      // Should NOT attempt to list DOCKER-USER rules (bridge name is null)
+      expect(mockedExeca).not.toHaveBeenCalledWith('iptables', [
+        '-t', 'filter', '-L', 'DOCKER-USER', '-n', '--line-numbers',
+      ], { reject: false });
+
+      // Should still flush/delete the chain
+      expect(mockedExeca).toHaveBeenCalledWith('iptables', ['-t', 'filter', '-F', 'FW_WRAPPER'], { reject: false });
+      expect(mockedExeca).toHaveBeenCalledWith('iptables', ['-t', 'filter', '-X', 'FW_WRAPPER'], { reject: false });
+    });
+  });
+});