Skip to content

fix: propagate config fields to all layers#5887

Merged
lpcox merged 2 commits into
mainfrom
fix/propagate-vertex-config-to-all-layers-f3c60d4dec9debe0
Jul 4, 2026
Merged

fix: propagate config fields to all layers#5887
lpcox merged 2 commits into
mainfrom
fix/propagate-vertex-config-to-all-layers-f3c60d4dec9debe0

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Config Consistency Fixes

Automated fixes for configuration fields not fully propagated across all required layers.

From PR #5878 — "feat: add Vertex AI provider to api-proxy credential isolation (port 10004)"

Field Layer Fix Applied
apiProxy.targets.vertex.host JSON Schema (src + docs) Added vertex entry with $ref: providerTarget to src/awf-config-schema.json and synced to docs/awf-config.schema.json
apiProxy.targets.vertex.basePath JSON Schema (src + docs) Same as above (included in the providerTarget $ref)
apiProxy.targets.vertex TypeScript config-file Added vertex?: { host?: string; basePath?: string } to AwfFileConfig.apiProxy.targets in src/config-file.ts
apiProxy.targets.vertex.host Config mapper Added vertexApiTarget: config.apiProxy?.targets?.vertex?.host in src/config-mapper.ts
apiProxy.targets.vertex.basePath Config mapper Added vertexApiBasePath: config.apiProxy?.targets?.vertex?.basePath in src/config-mapper.ts
apiProxy.targets.vertex.host Spec CLI mapping Added apiProxy.targets.vertex.host → --vertex-api-target row to Section 5 of docs/awf-config-spec.md
apiProxy.targets.vertex.basePath Spec CLI mapping Added apiProxy.targets.vertex.basePath → --vertex-api-base-path row to Section 5 of docs/awf-config-spec.md

Note: googleApiKey is security-sensitive and is correctly passed only via the GOOGLE_API_KEY environment variable — not via stdin config. No change needed for that field.

Verification

  • TypeScript compiles (tsc — exit 0)
  • src/awf-config-schema.json and docs/awf-config.schema.json are identical (diff — no output)
  • Config-file-mapping tests pass
  • Schema validation tests pass

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Config Consistency Auditor · 79.9 AIC · ⊞ 6.4K ·

PR #5878 (feat: add Vertex AI provider to api-proxy) introduced three new
routing fields — vertexApiTarget, vertexApiBasePath — and the googleApiKey
credential, but did not propagate the routing fields to all required config
layers.

Gaps fixed:
- src/awf-config-schema.json: add targets.vertex providerTarget entry
- docs/awf-config.schema.json: keep identical to src schema (synced)
- src/config-file.ts: add vertex?: { host, basePath } to AwfFileConfig.apiProxy.targets
- src/config-mapper.ts: map targets.vertex.host → vertexApiTarget and
  targets.vertex.basePath → vertexApiBasePath
- docs/awf-config-spec.md: add CLI mapping rows for vertex.host and vertex.basePath

Note: googleApiKey is security-sensitive and is correctly passed only via
environment variable (GOOGLE_API_KEY), not via stdin config, so no change
to config-file.ts for that field.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lpcox lpcox requested a review from Copilot July 3, 2026 20:17
@lpcox lpcox marked this pull request as ready for review July 3, 2026 20:17

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses a config propagation gap for the Vertex AI api-proxy target overrides by ensuring the apiProxy.targets.vertex fields are represented consistently across schema (src + docs), TypeScript config types, the config-file→CLI mapper, and the config spec documentation.

Changes:

  • Added apiProxy.targets.vertex to the JSON schema in both src/ and docs/.
  • Extended AwfFileConfig typing to include apiProxy.targets.vertex.
  • Mapped apiProxy.targets.vertex.{host,basePath} to CLI option names and documented the mapping in the config spec.
Show a summary per file
File Description
src/config-mapper.ts Adds config-file → CLI option mapping for Vertex API routing overrides.
src/config-file.ts Extends AwfFileConfig to include apiProxy.targets.vertex.
src/awf-config-schema.json Allows apiProxy.targets.vertex via providerTarget schema ref.
docs/awf-config.schema.json Syncs the public schema with the source schema for Vertex config.
docs/awf-config-spec.md Documents the config-to-CLI mapping for Vertex target/basePath fields.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 5/5 changed files
  • Comments generated: 1
  • Review effort level: Low

Comment thread src/config-mapper.ts
Comment on lines 57 to +60
geminiApiTarget: antigravityTargetConfig?.host ?? geminiTargetConfig?.host,
geminiApiBasePath: antigravityTargetConfig?.basePath ?? geminiTargetConfig?.basePath,
vertexApiTarget: config.apiProxy?.targets?.vertex?.host,
vertexApiBasePath: config.apiProxy?.targets?.vertex?.basePath,
@lpcox

lpcox commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

@copilot address review feedback

Copilot AI commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

@copilot address review feedback

Addressed. Added Vertex assertions to src/config-file-mapping.test.ts in commit 334101d, covering vertexApiTarget and vertexApiBasePath in the existing “maps all API proxy target fields” test.

Copilot finished work on behalf of lpcox July 3, 2026 20:26
Copilot AI requested a review from lpcox July 3, 2026 20:26
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

✅ Copilot review passed with no inline comments.

@github-actions[bot] Add the ready-for-aw label to this PR to trigger agentic CI smoke tests.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Documentation Preview

Documentation build failed for this PR. View logs.

Built from commit 4df1744

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

🚀 Security Guard has started processing this pull request

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Build Test Suite completed successfully!

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Chroot tests failed Smoke Chroot failed - See logs for details.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Claude passed

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

🔌 Smoke Services — All services reachable! ✅

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Contribution Check completed successfully!

PR #5887 follows the applicable contribution guidelines based on the provided metadata, diff, and CONTRIBUTING.md.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Gemini completed. All facets verified. 💎

Smoke test completed successfully.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

✅ Coverage Check Passed

Overall Coverage

Metric Base PR Delta
Lines 98.59% 98.63% 📈 +0.04%
Statements 98.52% 98.55% 📈 +0.03%
Functions 99.44% 99.44% ➡️ +0.00%
Branches 94.34% 94.34% ➡️ +0.00%
📁 Per-file Coverage Changes (1 files)
File Lines (Before → After) Statements (Before → After)
src/workdir-setup.ts 93.2% → 94.9% (+1.69%) 93.2% → 94.9% (+1.69%)

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test: Claude Engine Validation

Check Result
API Status ✅ PASS
GH Check ✅ PASS
File Status ✅ PASS

Overall Result: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Smoke Claude for #5887 · 55.6 AIC · ⊞ 3.3K ·
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test Results

Test Status
GitHub MCP connectivity
GitHub.com HTTP
File write/read

Overall: PASS

Author: @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test: Copilot BYOK (Direct) Mode

All Tests Passed

  • ✅ GitHub.com connectivity: HTTP 200
  • ✅ File write/read: smoke-test-copilot-byok.txt exists
  • ✅ BYOK inference: Running in direct BYOK mode via api-proxy → api.githubcopilot.com
  • ✅ MCP connectivity: Copilot responding to prompts

Mode: Direct BYOK (COPILOT_PROVIDER_API_KEY) via api-proxy sidecar

Status: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK report filed by Smoke Copilot BYOK
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test: Copilot PAT Auth

Test Result
GitHub MCP connectivity ✅ Verified
GitHub.com HTTP ⚠️ Pre-step data not substituted
File write/read ⚠️ Pre-step data not substituted

Overall: PARTIAL — MCP verified ✅; pre-step template vars unsubstituted.
Auth mode: PAT (COPILOT_GITHUB_TOKEN) | Author: @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 PAT report filed by Smoke Copilot PAT
Add label ready-for-aw to run again

@github-actions github-actions Bot mentioned this pull request Jul 3, 2026
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Smoke test results for fix: propagate config fields to all layers
✅ GitHub merged PR review
✅ SafeInputs GH CLI query
❌ Playwright page title check
✅ File write/read verification
✅ Build (npm ci && npm run build)
Overall status: FAIL

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

  • awmgmcpg
  • registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

@lpcox

GitHub MCP Testing (pre-fetched PR titles): ✅

GitHub.com Connectivity: ✅

File Write/Read Test: ✅

BYOK Inference Test: ✅

Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra

Overall status: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🪪 BYOK (AOAI Entra) report filed by Smoke Copilot BYOK AOAI (Entra)
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

@lpcox

  • GitHub MCP Testing: ✅
  • GitHub.com Connectivity: ✅
  • File Write/Read Test: ✅
  • BYOK Inference Test: ✅

Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)

Overall status: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK (AOAI api-key) report filed by Smoke Copilot BYOK AOAI (api-key)
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test: Services Connectivity

  • Redis PING: ❌ (Network is unreachable)
  • PostgreSQL pg_isready: ❌ (no response)
  • PostgreSQL SELECT 1: ❌ (Network is unreachable)

Overall: FAIL — host.docker.internal (172.17.0.1) unreachable. Service containers not accessible from this runner.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔌 Service connectivity validated by Smoke Services
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test: API Proxy OpenTelemetry Tracing

Scenario Result Notes
1. Module Loading ✅ Pass otel.js loads; exports 7 public functions: startRequestSpan, setTokenAttributes, setBudgetAttributes, endSpan, endSpanError, shutdown, isEnabled
2. Test Suite ✅ Pass 59/59 tests passed across 2 suites (otel.test.js, otel-fanout.test.js)
3. Env Var Forwarding ✅ Pass src/services/api-proxy-env-config.ts forwards GH_AW_OTLP_ENDPOINTS, OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_HEADERS, GITHUB_AW_OTEL_TRACE_ID, GITHUB_AW_OTEL_PARENT_SPAN_ID, OTEL_SERVICE_NAME to the api-proxy container
4. Token Tracker Integration ✅ Pass onUsage callback exists in token-tracker-http.js as the OTEL hook point
5. OTEL Diagnostics ⚠️ N/A No live container run available in sandbox; fallback FileSpanExporter/var/log/api-proxy/otel.jsonl confirmed in module code

All active scenarios passed. OTEL tracing integration is functional.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📡 OTel tracing validated by Smoke OTel Tracing
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Smoke test passed

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color 1/1 passed ✅ PASS
Go env 1/1 passed ✅ PASS
Go uuid 1/1 passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx All passed ✅ PASS
Node.js execa All passed ✅ PASS
Node.js p-limit All passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Build Test Suite for #5887 · 51.6 AIC · ⊞ 6.9K ·
Add label ready-for-aw to run again

@lpcox lpcox merged commit f696b41 into main Jul 4, 2026
89 of 90 checks passed
@lpcox lpcox deleted the fix/propagate-vertex-config-to-all-layers-f3c60d4dec9debe0 branch July 4, 2026 13:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants