Skip to content

Clarify AWF api-proxy auth boundary#22730

Merged
lpcox merged 4 commits intomainfrom
docs/clarify-api-proxy-boundary
Mar 24, 2026
Merged

Clarify AWF api-proxy auth boundary#22730
lpcox merged 4 commits intomainfrom
docs/clarify-api-proxy-boundary

Conversation

@szabta89
Copy link
Contributor

@szabta89 szabta89 commented Mar 24, 2026

Clarifies that the AWF api-proxy is a routing layer, not a separate caller-auth boundary for arbitrary code already running inside the agent container.

Copilot AI review requested due to automatic review settings March 24, 2026 17:27
Copilot AI reviewed Mar 24, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates documentation to clarify that the AWF api-proxy is primarily a routing layer (and still subject to AWF network controls), and should not be treated as a standalone caller-auth boundary for arbitrary code already running inside the agent container.

Changes:

  • Refines the “custom API endpoints via env vars” documentation to clarify the proxy’s role and limits as an auth boundary.
  • Updates the security architecture write-up to describe the API proxy as a routing layer that may hold engine-specific credentials/configuration.
  • Adds explicit guidance that some engine integrations may still require credentials inside the agent container for CLI compatibility.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
docs/src/content/docs/reference/engines.md Clarifies proxy routing behavior and explicitly narrows the implied auth-boundary guarantees.
docs/src/content/docs/introduction/architecture.mdx Updates Layer 1 and architecture summary text to describe the API proxy as routing (and not a universal credential-isolation boundary).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions github-actions bot mentioned this pull request Mar 24, 2026
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Mar 24, 2026

Hey @szabta89 👋 — thanks for this documentation clarification around the api-proxy auth boundary! The change is clear, targeted, and addresses a genuine potential misunderstanding about whether the proxy constitutes a caller-authentication boundary for arbitrary in-container code.

That said, there's one process concern to flag:

  • Direct PR creation — Per CONTRIBUTING.md, this repository follows an agentic development model in which only core team members create pull requests (typically via Copilot or a local coding agent). Community members are asked to contribute through issues with agentic plans, which a core team member then picks up and implements. Your username (szabta89) does not appear in CODEOWNERS, so it's unclear whether you're part of the core team. If you are, no action is needed here — carry on! If you are not, the correct path would have been to open an issue with the proposed wording changes.

No test changes are needed for a docs-only clarification like this — that's expected and fine.

If you'd like a core team member to fast-track this, you can assign the following prompt to a coding agent:

Apply the api-proxy auth boundary documentation clarification from PR #22730 to the following two files:

1. docs/src/content/docs/introduction/architecture.mdx
   - In the Layer 1 description, replace the phrase about the API proxy "holds authentication tokens so that they do not need to be shared with the agent container (when supported)" with: "routes model traffic and may hold endpoint-specific credentials or routing configuration for supported engines".
   - In bullet point 5 of the MCP/network diagram section, replace the sentence about the api-proxy keeping tokens out of the agent container with: "When supported by an agent, AWF creates a trusted `api-proxy` that routes model traffic on the agent's behalf while keeping that traffic behind AWF's network controls. This proxy should not be treated as a separate caller-authentication boundary for arbitrary code already running inside the agent container: some engine integrations still receive credentials in-container for CLI compatibility."

2. docs/src/content/docs/reference/engines.md
   - In the "Custom API Endpoints via Environment Variables" section, replace the closing sentence "Credential isolation and firewall enforcement remain active." with: "Firewall enforcement remains active, but this routing layer is not a separate authentication boundary for arbitrary code already running inside the agent container."

Verify the changes render correctly in the Astro/Starlight docs site (no broken MDX). No test changes are required for this docs-only update.

Generated by Contribution Check ·

@github-actions github-actions bot mentioned this pull request Mar 24, 2026
Closed
lpcox and others added 2 commits March 24, 2026 15:29
@lpcox
Update docs/src/content/docs/reference/engines.md
e4b1920 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@lpcox
Update docs/src/content/docs/introduction/architecture.mdx
a3365a4 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Copilot AI requested a review from lpcox March 24, 2026 22:34
@lpcox lpcox merged commit 38e4ddc into main Mar 24, 2026
@lpcox lpcox deleted the docs/clarify-api-proxy-boundary branch March 24, 2026 22:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lpcox lpcox Awaiting requested review from lpcox

+1 more reviewer

Copilot code review Copilot Copilot left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@lpcox lpcox

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@szabta89 @lpcox