Fix firewall analysis showing "-" instead of actual blocked domains for iptables-dropped traffic

[Copilot]

• Fix pkg/cli/firewall_log.go - use destIPPort as fallback when domain is "-" (iptables-dropped traffic)
• Fix actions/setup/js/parse_firewall_logs.cjs - same fallback logic in JS
• Fix actions/setup/js/firewall_blocked_domains.cjs - same fallback logic in JS
• Fix pkg/cli/logs_parsing_firewall.go - update inline JS to mirror parse_firewall_logs.cjs
• Add TestParseFirewallLogIptablesDropped test in Go
• Add "should use destIpPort as fallback when domain is placeholder" test in JS
• Fix CI failure: capitalize Markdown in compile command Short description (cmd/gh-aw/main.go)
• Fix CI failure: add global.core no-op mock in git_patch_integration.test.cjs so incremental mode tests that call generateGitPatch work outside of GitHub Actions environment

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

Fixes firewall analysis/reporting so iptables-dropped traffic (where Squid logs domain="-") is attributed to the real destination using dest_ip:port as a fallback key.

Changes:

• Use dest_ip:port as the domain key when domain === "-" in Go and JS firewall log parsers.
• Apply the same fallback in the Actions step-summary parser and the inline JS used by the CLI.
• Add/adjust tests to cover iptables-dropped scenarios and ensure blocked destinations are surfaced.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
pkg/cli/firewall_log.go	Uses DestIPPort as the domain key when Domain == "-" during analysis.
pkg/cli/logs_parsing_firewall.go	Mirrors the same fallback in the embedded JS used for generating firewall summaries.
actions/setup/js/parse_firewall_logs.cjs	Uses destIpPort fallback when domain is a placeholder, improving step summary attribution.
actions/setup/js/firewall_blocked_domains.cjs	Uses destIpPort fallback when domain is a placeholder for blocked domain extraction.
pkg/cli/firewall_log_test.go	Adds a focused test validating iptables-dropped fallback behavior in Go parsing.
actions/setup/js/firewall_blocked_domains.test.cjs	Expands tests to validate destIpPort fallback behavior for blocked domain extraction.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[pelikhan]

@copilot Fix https://github.com/github/gh-aw/actions/runs/22811600503/job/66173340171

[Copilot]

@copilot Fix https://github.com/github/gh-aw/actions/runs/22811600503/job/66173340171

Fixed in 4268ba3. The CI failure was TestTechnicalTermsCapitalization — the compile command's Short description had lowercase markdown instead of Markdown. Changed "Compile workflow markdown files (.md)..." → "Compile workflow Markdown files (.md)...".

[pelikhan]

@copilot Fix https://github.com/github/gh-aw/actions/runs/22813218850/job/66173720496

[Copilot]

@copilot Fix https://github.com/github/gh-aw/actions/runs/22813218850/job/66173720496

Fixed in 747aa11. The 4 failing tests were in git_patch_integration.test.cjs → incremental mode describe block. They call generateGitPatch, which uses execGitSync from git_helpers.cjs, which calls core.debug/core.error as GitHub Actions globals. The test file had no global.core mock, causing ReferenceError: core is not defined — caught silently and returning success: false. Added a no-op global.core mock (using vi.fn()) at the top of the file, matching the pattern used in other test files.