feat: Add tests for public image staging in Discord CDN

[yacosta738]

This pull request adds a new asynchronous test to ensure that image downloads from the Discord CDN do not include an authorization header, and introduces supporting test infrastructure for simulating a CDN server. The changes improve test coverage for secure handling of public CDN image downloads in the Discord channel implementation.

Testing infrastructure improvements:

• Added an asynchronous helper function spawn_mock_cdn that creates a mock HTTP server to simulate a CDN, captures incoming requests, and serves image data with configurable content type for use in tests.

New test coverage:

• Introduced an async test fetch_and_stage_image_downloads_public_cdn_without_auth_header to verify that image downloads from the Discord CDN do not send an authorization header, and to check correct staging and cleanup of the downloaded image.

[coderabbitai]

📝 Walkthrough

Walkthrough

Added test infrastructure to the Discord module, including a mock HTTP CDN server helper and a new test that verifies image downloads from public CDNs do not include authorization headers, while validating staged image metadata and file contents.

Changes

Cohort / File(s)	Summary
Discord CDN Test Infrastructure clients/agent-runtime/src/channels/discord.rs	Added spawn_mock_cdn helper function to spin up a mock HTTP server for testing. Introduced fetch_and_stage_image_downloads_public_cdn_without_auth_header async test that verifies GET requests to public CDN endpoints exclude Authorization headers and validates resulting StagedImage metadata and temp file contents.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

area:rust, risk:security

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	Description covers purpose and changes made, but lacks explicit sections for Related Issues, Tested Information, and Breaking Changes as specified in the template.	Add missing template sections: Related Issues, Tested Information (describe test execution), and confirm Breaking Changes section if applicable.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	Docstring coverage is 80.00% which is sufficient. The required threshold is 80.00%.
Title check	✅ Passed	The title clearly summarizes the main change: adding tests for public image staging in Discord CDN, using the 'feat' prefix as required by Conventional Commits.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/discord-image-ingestion-328

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

✅ Contributor Report

User: @yacosta738
Status: Passed (12/13 metrics passed)

Metric	Description	Value	Threshold	Status
PR Merge Rate	PRs merged vs closed	90%	>= 30%	✅
Repo Quality	Repos with ≥100 stars	0	>= 0	✅
Positive Reactions	Positive reactions received	10	>= 1	✅
Negative Reactions	Negative reactions received	0	<= 5	✅
Account Age	GitHub account age	3085 days	>= 30 days	✅
Activity Consistency	Regular activity over time	108%	>= 0%	✅
Issue Engagement	Issues with community engagement	0	>= 0	✅
Code Reviews	Code reviews given to others	530	>= 0	✅
Merger Diversity	Unique maintainers who merged PRs	2	>= 0	✅
Repo History Merge Rate	Merge rate in this repo	91%	>= 0%	✅
Repo History Min PRs	Previous PRs in this repo	213	>= 0	✅
Profile Completeness	Profile richness (bio, followers)	90	>= 0	✅
Suspicious Patterns	Spam-like activity detection	1	N/A	❌

---

_{Contributor Report evaluates based on public GitHub activity. Analysis period: 2025-04-08 to 2026-04-08}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@clients/agent-runtime/src/channels/discord.rs`:
- Around line 1014-1053: Add a verification after staged.cleanup() in the
fetch_and_stage_image_downloads_public_cdn_without_auth_header test to assert
the temporary file was actually removed: after calling staged.cleanup(), check
that staged.temp_path no longer exists (e.g., using std::fs::metadata or
Path::exists) and fail the test if the file still exists; this ensures
staged.cleanup() actually deletes the file created by
DiscordChannel::fetch_and_stage_image and references the existing test symbols
staged, staged.temp_path, and staged.cleanup().

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: c7cdd43c-b6b5-4006-a074-fb7399338c6b

📥 Commits

Reviewing files that changed from the base of the PR and between 77d96e9 and 975415c.

📒 Files selected for processing (1)

• clients/agent-runtime/src/channels/discord.rs

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: sonar
• GitHub Check: pr-checks
• GitHub Check: Cloudflare Pages

🧰 Additional context used

📓 Path-based instructions (5)

clients/agent-runtime/src/channels/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Implement Channel trait in src/channels/ with consistent send, listen, and health_check semantics and cover auth/allowlist/health behavior with tests

Files:

• clients/agent-runtime/src/channels/discord.rs

clients/agent-runtime/src/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

clients/agent-runtime/src/**/*.rs: Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements
Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Files:

• clients/agent-runtime/src/channels/discord.rs

clients/agent-runtime/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Run cargo fmt --all -- --check, cargo clippy --all-targets -- -D warnings, and cargo test for code validation, or document which checks were skipped and why

Files:

• clients/agent-runtime/src/channels/discord.rs

**/*.rs

⚙️ CodeRabbit configuration file

**/*.rs: Focus on Rust idioms, memory safety, and ownership/borrowing correctness.
Flag unnecessary clones, unchecked panics in production paths, and weak error context.
Prioritize unsafe blocks, FFI boundaries, concurrency races, and secret handling.

Files:

• clients/agent-runtime/src/channels/discord.rs

**/*

⚙️ CodeRabbit configuration file

**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.

Files:

• clients/agent-runtime/src/channels/discord.rs

🧠 Learnings (1)

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/channels/**/*.rs : Implement `Channel` trait in `src/channels/` with consistent `send`, `listen`, and `health_check` semantics and cover auth/allowlist/health behavior with tests

Applied to files:

• clients/agent-runtime/src/channels/discord.rs

🔇 Additional comments (2)

clients/agent-runtime/src/channels/discord.rs (2)

555-557: LGTM!

Imports are minimal and correctly scoped for the new mock CDN helper.

---

558-607: LGTM!

Well-structured mock CDN helper:

• Ephemeral port binding avoids conflicts.
• Request capture enables header assertions.
• Single-connection model matches the test's needs.
• connection: close ensures clean shutdown.

[cloudflare-workers-and-pages]

Deploying corvus with    Cloudflare Pages

Latest commit:	46f8e03
Status:	✅  Deploy successful!
Preview URL:	https://1303212f.corvus-42x.pages.dev
Branch Preview URL:	https://feat-discord-image-ingestion.corvus-42x.pages.dev

View logs

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
98.8% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud