fix: propagate config fields to all layers#5887
Conversation
PR #5878 (feat: add Vertex AI provider to api-proxy) introduced three new routing fields — vertexApiTarget, vertexApiBasePath — and the googleApiKey credential, but did not propagate the routing fields to all required config layers. Gaps fixed: - src/awf-config-schema.json: add targets.vertex providerTarget entry - docs/awf-config.schema.json: keep identical to src schema (synced) - src/config-file.ts: add vertex?: { host, basePath } to AwfFileConfig.apiProxy.targets - src/config-mapper.ts: map targets.vertex.host → vertexApiTarget and targets.vertex.basePath → vertexApiBasePath - docs/awf-config-spec.md: add CLI mapping rows for vertex.host and vertex.basePath Note: googleApiKey is security-sensitive and is correctly passed only via environment variable (GOOGLE_API_KEY), not via stdin config, so no change to config-file.ts for that field. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR addresses a config propagation gap for the Vertex AI api-proxy target overrides by ensuring the apiProxy.targets.vertex fields are represented consistently across schema (src + docs), TypeScript config types, the config-file→CLI mapper, and the config spec documentation.
Changes:
- Added
apiProxy.targets.vertexto the JSON schema in bothsrc/anddocs/. - Extended
AwfFileConfigtyping to includeapiProxy.targets.vertex. - Mapped
apiProxy.targets.vertex.{host,basePath}to CLI option names and documented the mapping in the config spec.
Show a summary per file
| File | Description |
|---|---|
| src/config-mapper.ts | Adds config-file → CLI option mapping for Vertex API routing overrides. |
| src/config-file.ts | Extends AwfFileConfig to include apiProxy.targets.vertex. |
| src/awf-config-schema.json | Allows apiProxy.targets.vertex via providerTarget schema ref. |
| docs/awf-config.schema.json | Syncs the public schema with the source schema for Vertex config. |
| docs/awf-config-spec.md | Documents the config-to-CLI mapping for Vertex target/basePath fields. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 5/5 changed files
- Comments generated: 1
- Review effort level: Low
| geminiApiTarget: antigravityTargetConfig?.host ?? geminiTargetConfig?.host, | ||
| geminiApiBasePath: antigravityTargetConfig?.basePath ?? geminiTargetConfig?.basePath, | ||
| vertexApiTarget: config.apiProxy?.targets?.vertex?.host, | ||
| vertexApiBasePath: config.apiProxy?.targets?.vertex?.basePath, |
|
@copilot address review feedback |
Addressed. Added Vertex assertions to |
|
✅ Copilot review passed with no inline comments. @github-actions[bot] Add the |
|
🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅ |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
🚀 Security Guard has started processing this pull request |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅ |
|
✅ Build Test Suite completed successfully! |
|
Chroot tests failed Smoke Chroot failed - See logs for details. |
|
✅ Smoke Claude passed |
|
✅ Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓 |
|
🔌 Smoke Services — All services reachable! ✅ |
|
✅ Contribution Check completed successfully! PR #5887 follows the applicable contribution guidelines based on the provided metadata, diff, and CONTRIBUTING.md. |
|
✅ Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓 |
|
✅ Smoke Gemini completed. All facets verified. 💎 Smoke test completed successfully. |
|
✅ Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓 |
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (1 files)
Coverage comparison generated by |
Smoke Test: Claude Engine Validation
Overall Result: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test Results
Overall: PASS Author: Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Copilot BYOK (Direct) Mode✅ All Tests Passed
Mode: Direct BYOK (COPILOT_PROVIDER_API_KEY) via api-proxy sidecar Status: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Copilot PAT Auth
Overall: PARTIAL — MCP verified ✅; pre-step template vars unsubstituted. Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
Smoke test results for Warning Firewall blocked 2 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"
- "registry.npmjs.org"See Network Configuration for more information.
|
|
GitHub MCP Testing (pre-fetched PR titles): ✅ GitHub.com Connectivity: ✅ File Write/Read Test: ✅ BYOK Inference Test: ✅ Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra Overall status: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) Overall status: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Services Connectivity
Overall: FAIL — host.docker.internal (172.17.0.1) unreachable. Service containers not accessible from this runner. Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: API Proxy OpenTelemetry Tracing
All active scenarios passed. OTEL tracing integration is functional. Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
Smoke test passed Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Config Consistency Fixes
Automated fixes for configuration fields not fully propagated across all required layers.
From PR #5878 — "feat: add Vertex AI provider to api-proxy credential isolation (port 10004)"
apiProxy.targets.vertex.hostvertexentry with$ref: providerTargettosrc/awf-config-schema.jsonand synced todocs/awf-config.schema.jsonapiProxy.targets.vertex.basePathproviderTarget$ref)apiProxy.targets.vertexvertex?: { host?: string; basePath?: string }toAwfFileConfig.apiProxy.targetsinsrc/config-file.tsapiProxy.targets.vertex.hostvertexApiTarget: config.apiProxy?.targets?.vertex?.hostinsrc/config-mapper.tsapiProxy.targets.vertex.basePathvertexApiBasePath: config.apiProxy?.targets?.vertex?.basePathinsrc/config-mapper.tsapiProxy.targets.vertex.hostapiProxy.targets.vertex.host → --vertex-api-targetrow to Section 5 ofdocs/awf-config-spec.mdapiProxy.targets.vertex.basePathapiProxy.targets.vertex.basePath → --vertex-api-base-pathrow to Section 5 ofdocs/awf-config-spec.mdNote:
googleApiKeyis security-sensitive and is correctly passed only via theGOOGLE_API_KEYenvironment variable — not via stdin config. No change needed for that field.Verification
tsc— exit 0)src/awf-config-schema.jsonanddocs/awf-config.schema.jsonare identical (diff— no output)Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpgSee Network Configuration for more information.