You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PR github/gh-aw-firewall#2337 gates the OpenCode API proxy listener (port 10004) behind an explicit --enable-opencode CLI flag. Previously, the listener started unconditionally whenever any credential was present (OPENAI_API_KEY, ANTHROPIC_API_KEY, or COPILOT_AUTH_TOKEN).
After this change lands, OpenCode workflows compiled by gh-aw will silently lose access to port 10004 because the compiler does not currently emit --enable-opencode.
Current Behavior
BuildAWFArgs() in pkg/workflow/awf_helpers.go does not emit --enable-opencode
The OpenCode engine routes through an existing backend port (10000–10003) via UniversalLLMConsumerEngine, but port 10004 (OpenCode's unified dynamic-routing endpoint) will no longer start
Expected Behavior
When config.EngineName == "opencode", the compiler should:
Add --enable-opencode to AWF args in BuildAWFArgs()
Add port 10004 to --allow-host-ports so the agent container can reach the OpenCode listener
Problem
PR github/gh-aw-firewall#2337 gates the OpenCode API proxy listener (port 10004) behind an explicit
--enable-opencodeCLI flag. Previously, the listener started unconditionally whenever any credential was present (OPENAI_API_KEY,ANTHROPIC_API_KEY, orCOPILOT_AUTH_TOKEN).After this change lands, OpenCode workflows compiled by gh-aw will silently lose access to port 10004 because the compiler does not currently emit
--enable-opencode.Current Behavior
BuildAWFArgs()inpkg/workflow/awf_helpers.godoes not emit--enable-opencodeUniversalLLMConsumerEngine, but port 10004 (OpenCode's unified dynamic-routing endpoint) will no longer startExpected Behavior
When
config.EngineName == "opencode", the compiler should:--enable-opencodeto AWF args inBuildAWFArgs()--allow-host-portsso the agent container can reach the OpenCode listenerImplementation Notes
awfbinary (not part of the config file schema)AWF_ENABLE_OPENCODE=trueenv var in the api-proxy container--enable-opencoderequires--enable-api-proxy(which gh-aw already enables via the config file'sapiProxy.enabled: true)--difc-proxy-host(gated onawfSupportsCliProxy) or--allow-host-ports(gated onawfSupportsAllowHostPorts)Files to Modify
pkg/workflow/awf_helpers.go— Add--enable-opencodeinBuildAWFArgs()when engine is opencodepkg/workflow/awf_helpers.go— Include port 10004 in--allow-host-portsfor opencodepkg/constants/— AddAWFEnableOpenCodeMinVersionconstantpkg/workflow/awf_helpers_test.go— Test the new flag emissionpkg/workflow/enable_api_proxy_test.go— Add OpenCode to the proxy enablement testsDepends On