[scanner] 🐛 fix: resolve provider test SSRF blocking and CLI skip guards

[clubanderson]

Fixes provider test failures on main where SSRF protection blocks loopback httptest servers and CLI tools aren't in CI PATH.

Changes

• Allow loopback addresses in provider test HTTP clients
• Add skip guards for CLI provider tests when executables not in PATH

Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com

[kubestellar-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign mikespreitzer for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[github-actions]

🐝 Hi @clubanderson! I'm kubestellar-hive[bot], an automation bot for this repo.

Trusted users — org members and contributors with write access — can mention @kubestellar-hive in a comment to trigger repo automation.
On issues, that mention queues an automated fix attempt. On pull requests, it records extra context for existing automation.
This is not an interactive Q&A bot, so mentions should be treated as requests for automation rather than a conversation.

Automation may take a moment to start, and follow-up happens through workflow activity rather than chat replies.

[github-actions]

👋 Hey @clubanderson — thanks for opening this PR!

🤖 This project is developed exclusively using AI coding assistants.

Please do not attempt to code anything for this project manually.
All contributions should be authored using an AI coding tool such as:

• Claude Code (Opus 4.5 / 4.6) — recommended
• GitHub Copilot
• Cursor
• Other AI coding assistants

This ensures consistency in code style, architecture patterns, test coverage,
and commit quality across the entire codebase.

---

This is an automated message.

[netlify]

✅ Deploy Preview for kubestellarconsole canceled.

Name	Link
🔨 Latest commit	258fd91
🔍 Latest deploy log	https://app.netlify.com/projects/kubestellarconsole/deploys/6a34ecae2d5f7100087aa656

[Copilot]

Pull request overview

This PR aims to stabilize pkg/agent/providers tests by (1) allowing loopback httptest.NewServer targets to bypass the provider SSRF/private-IP guard during unit tests, and (2) skipping CLI-provider tests when the required CLI executables are not available in CI PATH.

Changes:

• Added shared test helpers to enable loopback SSRF bypass (AllowLoopbackForTests) and to skip tests when a CLI executable is missing.
• Updated Claude and Gemini HTTP-provider tests to enable loopback bypass before standing up httptest servers.
• Added executable-availability skip guards to CLI stderr-drain timeout tests.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
pkg/agent/providers/provider_test_helpers_test.go	Adds test helpers for loopback SSRF bypass and PATH-based CLI skipping.
pkg/agent/providers/provider_gemini_test.go	Enables loopback bypass for Gemini provider tests using httptest.NewServer.
pkg/agent/providers/provider_cli_timeout_test.go	Skips CLI timeout tests when codex/gemini binaries aren’t present in PATH.
pkg/agent/providers/provider_claude_test.go	Enables loopback bypass for Claude provider tests using httptest.NewServer.

[clubanderson]

Closing — superseded by #19214 (lint fixes) or no longer needed after build-gate unblock.