feat: use api-proxy for OpenAI/Codex only #796
Changed --enable-api-proxy flag default from false to true. Updated types.ts @default documentation to reflect new default. All existing tests pass. Co-authored-by: lpcox <[email protected]>
Updated documentation to clarify that API proxy is now enabled by default. Added examples showing that the flag is optional and how to disable it. Co-authored-by: lpcox <[email protected]>
📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...
💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...
Chroot tests failed Smoke Chroot failed - See logs for details.
| Metric | Base | PR | Delta |
|---|---|---|---|
| Lines | 82.92% | 82.98% | 📈 +0.06% |
| Statements | 82.91% | 82.97% | 📈 +0.06% |
| Functions | 82.74% | 82.74% | ➡️ +0.00% |
| Branches | 74.92% | 74.87% | 📉 -0.05% |
📁 Per-file Coverage Changes (1 files)
| File | Lines (Before → After) | Statements (Before → After) |
|---|---|---|
| src/docker-manager.ts | 84.8% → 85.0% (+0.22%) | 84.3% → 84.5% (+0.21%) |
Coverage comparison generated by scripts/ci/compare-coverage.ts
…#798)
* Initial plan
* fix: add --build-local flag to example scripts
  Co-authored-by: lpcox <[email protected]>
* fix: add --build-local to github-copilot.sh for consistency
  Co-authored-by: lpcox <[email protected]>
* fix: build only api-proxy locally, pull squid and agent from GHCR
  Co-authored-by: lpcox <[email protected]>
---------
Co-authored-by: anthropic-code-agent[bot] <[email protected]>
Co-authored-by: lpcox <[email protected]>
📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...
💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...
Chroot tests failed Smoke Chroot failed - See logs for details.
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...
* Initial plan
* fix: add missing package-lock.json for api-proxy container
  Co-authored-by: lpcox <[email protected]>
---------
Co-authored-by: anthropic-code-agent[bot] <[email protected]>
Co-authored-by: lpcox <[email protected]>
💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...
Chroot tests failed Smoke Chroot failed - See logs for details.
📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...
* Initial plan
* fix(api-proxy): keep containers running when no API keys present

  The api-proxy container was exiting immediately when no API keys were configured because the HTTP servers were only started conditionally. This caused docker-compose health checks to fail and prevented containers from starting.

  Changed server.js to always start both HTTP servers (ports 10000 and 10001), with conditional middleware setup based on API key presence. This keeps the container running and health checks passing even when API keys are not configured.

  Fixes issue where test-examples workflow failed with "dependency failed to start: container awf-api-proxy exited (0)"

  Co-authored-by: lpcox <[email protected]>
---------
Co-authored-by: anthropic-code-agent[bot] <[email protected]>
Co-authored-by: lpcox <[email protected]>
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤
💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...
Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded.
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...
Deno Build Test Results
Overall: ✅ PASS All Deno tests completed successfully.
Node.js Build Test Results
Overall: PASS ✅ All Node.js projects successfully installed dependencies and passed their test suites.
Smoke Test Results (Run 21981890332)
Last 2 Merged PRs:
Test Results:
Overall Status: PASS cc:
Go Build Test Results
Overall: PASS ✅ All Go projects built and tested successfully.
C++ Build Test Results
Overall: PASS All C++ projects built successfully.
Deno Build Test Results
Overall: ✅ PASS All Deno tests completed successfully.
🦀 Rust Build Test Results
Overall: ✅ PASS All Rust projects built and tested successfully.
.NET Build Test Results
Overall: PASS ✅ All .NET projects built and ran successfully:
☕ Java Build Test Results
Overall: ✅ PASS All Java projects compiled and tested successfully through the AWF firewall.
Chroot Test Results
The chroot version comparison tests have been executed. Here are the results:
Overall Status: ❌ Tests did not pass The chroot environment is not using the same runtime versions as the host. This may indicate that the transparent host binary access is not working as expected for Python and Node.js.
* Initial plan
* fix(ci): add missing ANTHROPIC_API_KEY to detection job

  The detection job was failing with "Not logged in · Please run /login" because ANTHROPIC_API_KEY was not being passed to the Claude Code CLI execution step.

  The job validates that ANTHROPIC_API_KEY exists (line 1091) but was not passing it to the claude CLI command execution (line 1124+).

  This fix adds ANTHROPIC_API_KEY to the env block of the "Execute Claude Code CLI" step in the detection job, matching the configuration in the agent job.

  Co-authored-by: lpcox <[email protected]>
---------
Co-authored-by: anthropic-code-agent[bot] <[email protected]>
Co-authored-by: lpcox <[email protected]>
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨
Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded.
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...
✅ Coverage Check Passed
Overall Coverage
📁 Per-file Coverage Changes (2 files)
Coverage comparison generated by
Smoke Test Results ✅ PASS
Recent PRs:
Tests:
cc @lpcox
Node.js Build Test Results
Overall: PASS ✅ All three Node.js projects successfully installed dependencies and passed their test suites.
C++ Build Test Results
Overall: PASS ✅ All C++ projects built successfully.
Smoke Test Results
Last 2 Merged PRs:
Test Results:
Status: PASS
Go Build Test Results
Overall: ✅ PASS All Go projects built and tested successfully.
Build Test: Bun ✅
Overall: PASS
.NET Build Test Results
Overall: PASS All .NET projects successfully restored, built, and executed:
Chroot Version Comparison Results
Overall Status: ❌ Tests did not pass - version mismatches detected The chroot environment is not using the exact same runtime versions as the host. This is expected behavior since the chroot mode mounts host binaries but may have different system libraries or configurations.
Java Build Test Results ✅
All Java projects compiled and tested successfully through the AWF firewall.
Overall: PASS Maven proxy configuration required IP address
@claude[agent] could we replace the hand-built api-proxy that is used for codex with nginx?
Yes, nginx could replace the Node.js api-proxy. It has the necessary features:
nginx capabilities:
Implementation considerations:
The current implementation works well, but nginx would be a viable alternative if you prefer a more traditional reverse proxy. Would you like me to implement the nginx version?
This PR enables the API proxy sidecar by default for OpenAI/Codex API calls, while keeping Anthropic/Claude authentication in the agent container (like GitHub Copilot). The proxy isolates OpenAI credentials from the agent container and routes traffic through Squid for domain whitelisting.
Changes Made
API Proxy Configuration
* --enable-api-proxy to true and update type/docs to reflect default-on behavior
* OPENAI_API_KEY is present
Networking and Routing
* OPENAI_BASE_URL (http://172.30.0.30:10000) to avoid DNS issues
* NO_PROXY + iptables allowances
Implementation Details
* HttpsProxyAgent to route through Squid
* Authorization: Bearer ${OPENAI_API_KEY} headers
* ANTHROPIC_API_KEY directly in agent (like GitHub Copilot tokens)
Testing
* NO_PROXY and AWF_API_PROXY_IP environment variables
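The credential split described in this PR, as an added sketch that is not the project's server.js or docker-manager.ts: the agent's environment loses the OpenAI key and gains a base URL pointing at the sidecar, and the sidecar attaches the key per request while staying up when no key is set. The function names, the `/health` path, the upstream host and the choice to discard an agent-supplied Authorization header are assumptions; the IP, port and environment variable names come from the description above.

```javascript
// Added sketch, not the project's server.js. Names are hypothetical unless
// they appear in the PR description (IP, port and env variable names do).
const PROXY_IP = '172.30.0.30';
const OPENAI_PORT = 10000;
const UPSTREAM_HOST = 'api.openai.com'; // assumption: upstream is not named on the page

// Environment handed to the agent container: the OpenAI key is withheld and
// the client is pointed at the sidecar by IP. ANTHROPIC_API_KEY passes through.
function agentEnv(hostEnv) {
  const { OPENAI_API_KEY, ...rest } = hostEnv;
  if (!OPENAI_API_KEY) return rest; // assumption: no key, no redirection
  return {
    ...rest,
    OPENAI_BASE_URL: `http://${PROXY_IP}:${OPENAI_PORT}`,
    AWF_API_PROXY_IP: PROXY_IP,
    NO_PROXY: [rest.NO_PROXY, PROXY_IP].filter(Boolean).join(','),
  };
}

// Sidecar decision for one request. The listener is always up so health
// checks pass; only the forwarding path depends on the key being configured.
function routeRequest(req, proxyEnv) {
  if (req.url === '/health') return { status: 200 }; // hypothetical path
  const key = proxyEnv.OPENAI_API_KEY;
  if (!key) return { status: 503, error: 'OPENAI_API_KEY not configured' };
  const headers = {};
  for (const [name, value] of Object.entries(req.headers)) {
    const n = name.toLowerCase();
    // Drop any credential the agent sent; the sidecar's key always wins.
    if (n !== 'authorization' && n !== 'host') headers[n] = value;
  }
  headers.host = UPSTREAM_HOST;
  headers.authorization = `Bearer ${key}`;
  return { forward: { host: UPSTREAM_HOST, method: req.method, path: req.url, headers } };
}

// Constructed sample input.
const hostEnv = { OPENAI_API_KEY: 'sk-constructed', ANTHROPIC_API_KEY: 'ant-constructed', NO_PROXY: 'localhost' };
const sampleReq = {
  method: 'POST',
  url: '/v1/chat/completions',
  headers: { Authorization: 'Bearer agent-supplied', 'Content-Type': 'application/json' },
};
console.log(agentEnv(hostEnv));                // no OPENAI_API_KEY in the agent's view
console.log(routeRequest(sampleReq, hostEnv)); // forwarded with the sidecar's key
console.log(routeRequest(sampleReq, {}));      // 503 while the listener stays up
```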