diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index 2038ca3af9..7371ca53e6 100644 --- a/.github/workflows/ai-moderator.lock.yml +++ b/.github/workflows/ai-moderator.lock.yml @@ -749,8 +749,22 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "GH_AW_ASSETS_ALLOWED_EXTS", "GH_AW_ASSETS_BRANCH", "GH_AW_ASSETS_MAX_SIZE_KB", "GH_AW_SAFE_OUTPUTS", "GITHUB_PERSONAL_ACCESS_TOKEN", "GITHUB_REPOSITORY", "GITHUB_SERVER_URL", "HOME", "OPENAI_API_KEY", "PATH"] + + model_provider = "openai-proxy" + + [model_providers.openai-proxy] + name = "OpenAI AWF proxy" + base_url = "http://172.30.0.30:10000" + env_key = "OPENAI_API_KEY" + supports_websockets = false GH_AW_CODEX_SHELL_POLICY_41a4d5c2d909bed6_EOF - cat "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" + awk ' + BEGIN { skip_openai_proxy = 0 } + /^[[:space:]]*model_provider[[:space:]]*=/ { next } + /^\[model_providers\.openai-proxy\][[:space:]]*$/ { skip_openai_proxy = 1; next } + /^\[/ { skip_openai_proxy = 0 } + !skip_openai_proxy { print } + ' "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" chmod 600 "/tmp/gh-aw/mcp-config/config.toml" mkdir -p "${CODEX_HOME}" if [ "/tmp/gh-aw/mcp-config/config.toml" != "${CODEX_HOME}/config.toml" ]; then cp "/tmp/gh-aw/mcp-config/config.toml" "${CODEX_HOME}/config.toml"; fi diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index bf28ff0201..2dad5fa5e6 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -768,8 +768,22 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "GH_AW_ASSETS_ALLOWED_EXTS", "GH_AW_ASSETS_BRANCH", "GH_AW_ASSETS_MAX_SIZE_KB", "GH_AW_SAFE_OUTPUTS", "GITHUB_PERSONAL_ACCESS_TOKEN", "GITHUB_REPOSITORY", "GITHUB_SERVER_URL", "HOME", "OPENAI_API_KEY", "PATH"] + + model_provider = "openai-proxy" + + [model_providers.openai-proxy] + name = "OpenAI AWF proxy" + base_url = "http://172.30.0.30:10000" + env_key = "OPENAI_API_KEY" + supports_websockets = false GH_AW_CODEX_SHELL_POLICY_20aa83733790ce7c_EOF - cat "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" + awk ' + BEGIN { skip_openai_proxy = 0 } + /^[[:space:]]*model_provider[[:space:]]*=/ { next } + /^\[model_providers\.openai-proxy\][[:space:]]*$/ { skip_openai_proxy = 1; next } + /^\[/ { skip_openai_proxy = 0 } + !skip_openai_proxy { print } + ' "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" chmod 600 "/tmp/gh-aw/mcp-config/config.toml" mkdir -p "${CODEX_HOME}" if [ "/tmp/gh-aw/mcp-config/config.toml" != "${CODEX_HOME}/config.toml" ]; then cp "/tmp/gh-aw/mcp-config/config.toml" "${CODEX_HOME}/config.toml"; fi diff --git a/.github/workflows/codex-github-remote-mcp-test.lock.yml b/.github/workflows/codex-github-remote-mcp-test.lock.yml index c883bf38fc..8f37ef79ad 100644 --- a/.github/workflows/codex-github-remote-mcp-test.lock.yml +++ b/.github/workflows/codex-github-remote-mcp-test.lock.yml @@ -443,8 +443,22 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "GITHUB_PERSONAL_ACCESS_TOKEN", "HOME", "OPENAI_API_KEY", "PATH"] + + model_provider = "openai-proxy" + + [model_providers.openai-proxy] + name = "OpenAI AWF proxy" + base_url = "http://172.30.0.30:10000" + env_key = "OPENAI_API_KEY" + supports_websockets = false GH_AW_CODEX_SHELL_POLICY_6ef9da006a49787c_EOF - cat "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" + awk ' + BEGIN { skip_openai_proxy = 0 } + /^[[:space:]]*model_provider[[:space:]]*=/ { next } + /^\[model_providers\.openai-proxy\][[:space:]]*$/ { skip_openai_proxy = 1; next } + /^\[/ { skip_openai_proxy = 0 } + !skip_openai_proxy { print } + ' "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" chmod 600 "/tmp/gh-aw/mcp-config/config.toml" mkdir -p "${CODEX_HOME}" if [ "/tmp/gh-aw/mcp-config/config.toml" != "${CODEX_HOME}/config.toml" ]; then cp "/tmp/gh-aw/mcp-config/config.toml" "${CODEX_HOME}/config.toml"; fi diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 205736923e..8ef949b571 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -871,8 +871,22 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "GH_AW_ASSETS_ALLOWED_EXTS", "GH_AW_ASSETS_BRANCH", "GH_AW_ASSETS_MAX_SIZE_KB", "GH_AW_SAFE_OUTPUTS", "GITHUB_PERSONAL_ACCESS_TOKEN", "GITHUB_REPOSITORY", "GITHUB_SERVER_URL", "HOME", "OPENAI_API_KEY", "PATH"] + + model_provider = "openai-proxy" + + [model_providers.openai-proxy] + name = "OpenAI AWF proxy" + base_url = "http://172.30.0.30:10000" + env_key = "OPENAI_API_KEY" + supports_websockets = false GH_AW_CODEX_SHELL_POLICY_252c56bd99e6f878_EOF - cat "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" + awk ' + BEGIN { skip_openai_proxy = 0 } + /^[[:space:]]*model_provider[[:space:]]*=/ { next } + /^\[model_providers\.openai-proxy\][[:space:]]*$/ { skip_openai_proxy = 1; next } + /^\[/ { skip_openai_proxy = 0 } + !skip_openai_proxy { print } + ' "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" chmod 600 "/tmp/gh-aw/mcp-config/config.toml" mkdir -p "${CODEX_HOME}" if [ "/tmp/gh-aw/mcp-config/config.toml" != "${CODEX_HOME}/config.toml" ]; then cp "/tmp/gh-aw/mcp-config/config.toml" "${CODEX_HOME}/config.toml"; fi diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index c55c79a382..b755931fbe 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -799,8 +799,22 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "GH_AW_ASSETS_ALLOWED_EXTS", "GH_AW_ASSETS_BRANCH", "GH_AW_ASSETS_MAX_SIZE_KB", "GH_AW_SAFE_OUTPUTS", "GITHUB_PERSONAL_ACCESS_TOKEN", "GITHUB_REPOSITORY", "GITHUB_SERVER_URL", "GITHUB_TOKEN", "HOME", "OPENAI_API_KEY", "PATH"] + + model_provider = "openai-proxy" + + [model_providers.openai-proxy] + name = "OpenAI AWF proxy" + base_url = "http://172.30.0.30:10000" + env_key = "OPENAI_API_KEY" + supports_websockets = false GH_AW_CODEX_SHELL_POLICY_08284ac4f16ebe02_EOF - cat "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" + awk ' + BEGIN { skip_openai_proxy = 0 } + /^[[:space:]]*model_provider[[:space:]]*=/ { next } + /^\[model_providers\.openai-proxy\][[:space:]]*$/ { skip_openai_proxy = 1; next } + /^\[/ { skip_openai_proxy = 0 } + !skip_openai_proxy { print } + ' "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" chmod 600 "/tmp/gh-aw/mcp-config/config.toml" mkdir -p "${CODEX_HOME}" if [ "/tmp/gh-aw/mcp-config/config.toml" != "${CODEX_HOME}/config.toml" ]; then cp "/tmp/gh-aw/mcp-config/config.toml" "${CODEX_HOME}/config.toml"; fi diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index 5ca433ba62..b4083ff8bb 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -773,8 +773,22 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "GH_AW_ASSETS_ALLOWED_EXTS", "GH_AW_ASSETS_BRANCH", "GH_AW_ASSETS_MAX_SIZE_KB", "GH_AW_SAFE_OUTPUTS", "GITHUB_PERSONAL_ACCESS_TOKEN", "GITHUB_REPOSITORY", "GITHUB_SERVER_URL", "HOME", "OPENAI_API_KEY", "PATH"] + + model_provider = "openai-proxy" + + [model_providers.openai-proxy] + name = "OpenAI AWF proxy" + base_url = "http://172.30.0.30:10000" + env_key = "OPENAI_API_KEY" + supports_websockets = false GH_AW_CODEX_SHELL_POLICY_5f2b419d8d1a0762_EOF - cat "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" + awk ' + BEGIN { skip_openai_proxy = 0 } + /^[[:space:]]*model_provider[[:space:]]*=/ { next } + /^\[model_providers\.openai-proxy\][[:space:]]*$/ { skip_openai_proxy = 1; next } + /^\[/ { skip_openai_proxy = 0 } + !skip_openai_proxy { print } + ' "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" chmod 600 "/tmp/gh-aw/mcp-config/config.toml" mkdir -p "${CODEX_HOME}" if [ "/tmp/gh-aw/mcp-config/config.toml" != "${CODEX_HOME}/config.toml" ]; then cp "/tmp/gh-aw/mcp-config/config.toml" "${CODEX_HOME}/config.toml"; fi diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index c748bbcf79..e1ba7cba1e 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -796,8 +796,22 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "GH_AW_ASSETS_ALLOWED_EXTS", "GH_AW_ASSETS_BRANCH", "GH_AW_ASSETS_MAX_SIZE_KB", "GH_AW_SAFE_OUTPUTS", "GITHUB_PERSONAL_ACCESS_TOKEN", "GITHUB_REPOSITORY", "GITHUB_SERVER_URL", "HOME", "OPENAI_API_KEY", "PATH"] + + model_provider = "openai-proxy" + + [model_providers.openai-proxy] + name = "OpenAI AWF proxy" + base_url = "http://172.30.0.30:10000" + env_key = "OPENAI_API_KEY" + supports_websockets = false GH_AW_CODEX_SHELL_POLICY_fd0494d129bb4dc0_EOF - cat "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" + awk ' + BEGIN { skip_openai_proxy = 0 } + /^[[:space:]]*model_provider[[:space:]]*=/ { next } + /^\[model_providers\.openai-proxy\][[:space:]]*$/ { skip_openai_proxy = 1; next } + /^\[/ { skip_openai_proxy = 0 } + !skip_openai_proxy { print } + ' "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" chmod 600 "/tmp/gh-aw/mcp-config/config.toml" mkdir -p "${CODEX_HOME}" if [ "/tmp/gh-aw/mcp-config/config.toml" != "${CODEX_HOME}/config.toml" ]; then cp "/tmp/gh-aw/mcp-config/config.toml" "${CODEX_HOME}/config.toml"; fi diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index 2424608485..ec9592b83d 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -806,8 +806,22 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "GH_AW_ASSETS_ALLOWED_EXTS", "GH_AW_ASSETS_BRANCH", "GH_AW_ASSETS_MAX_SIZE_KB", "GH_AW_SAFE_OUTPUTS", "GITHUB_PERSONAL_ACCESS_TOKEN", "GITHUB_REPOSITORY", "GITHUB_SERVER_URL", "HOME", "OPENAI_API_KEY", "PATH"] + + model_provider = "openai-proxy" + + [model_providers.openai-proxy] + name = "OpenAI AWF proxy" + base_url = "http://172.30.0.30:10000" + env_key = "OPENAI_API_KEY" + supports_websockets = false GH_AW_CODEX_SHELL_POLICY_8df1e17e12a5553f_EOF - cat "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" + awk ' + BEGIN { skip_openai_proxy = 0 } + /^[[:space:]]*model_provider[[:space:]]*=/ { next } + /^\[model_providers\.openai-proxy\][[:space:]]*$/ { skip_openai_proxy = 1; next } + /^\[/ { skip_openai_proxy = 0 } + !skip_openai_proxy { print } + ' "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" chmod 600 "/tmp/gh-aw/mcp-config/config.toml" mkdir -p "${CODEX_HOME}" if [ "/tmp/gh-aw/mcp-config/config.toml" != "${CODEX_HOME}/config.toml" ]; then cp "/tmp/gh-aw/mcp-config/config.toml" "${CODEX_HOME}/config.toml"; fi diff --git a/.github/workflows/schema-feature-coverage.lock.yml b/.github/workflows/schema-feature-coverage.lock.yml index ef1b83b105..bf8555e9ff 100644 --- a/.github/workflows/schema-feature-coverage.lock.yml +++ b/.github/workflows/schema-feature-coverage.lock.yml @@ -698,8 +698,22 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "GH_AW_ASSETS_ALLOWED_EXTS", "GH_AW_ASSETS_BRANCH", "GH_AW_ASSETS_MAX_SIZE_KB", "GH_AW_SAFE_OUTPUTS", "GITHUB_PERSONAL_ACCESS_TOKEN", "GITHUB_REPOSITORY", "GITHUB_SERVER_URL", "HOME", "OPENAI_API_KEY", "PATH"] + + model_provider = "openai-proxy" + + [model_providers.openai-proxy] + name = "OpenAI AWF proxy" + base_url = "http://172.30.0.30:10000" + env_key = "OPENAI_API_KEY" + supports_websockets = false GH_AW_CODEX_SHELL_POLICY_12a1c9e5a4cc208c_EOF - cat "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" + awk ' + BEGIN { skip_openai_proxy = 0 } + /^[[:space:]]*model_provider[[:space:]]*=/ { next } + /^\[model_providers\.openai-proxy\][[:space:]]*$/ { skip_openai_proxy = 1; next } + /^\[/ { skip_openai_proxy = 0 } + !skip_openai_proxy { print } + ' "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" chmod 600 "/tmp/gh-aw/mcp-config/config.toml" mkdir -p "${CODEX_HOME}" if [ "/tmp/gh-aw/mcp-config/config.toml" != "${CODEX_HOME}/config.toml" ]; then cp "/tmp/gh-aw/mcp-config/config.toml" "${CODEX_HOME}/config.toml"; fi diff --git a/.github/workflows/smoke-call-workflow.lock.yml b/.github/workflows/smoke-call-workflow.lock.yml index e653ad3238..a85768202c 100644 --- a/.github/workflows/smoke-call-workflow.lock.yml +++ b/.github/workflows/smoke-call-workflow.lock.yml @@ -709,8 +709,22 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "GH_AW_ASSETS_ALLOWED_EXTS", "GH_AW_ASSETS_BRANCH", "GH_AW_ASSETS_MAX_SIZE_KB", "GH_AW_SAFE_OUTPUTS", "GITHUB_PERSONAL_ACCESS_TOKEN", "GITHUB_REPOSITORY", "GITHUB_SERVER_URL", "HOME", "OPENAI_API_KEY", "PATH"] + + model_provider = "openai-proxy" + + [model_providers.openai-proxy] + name = "OpenAI AWF proxy" + base_url = "http://172.30.0.30:10000" + env_key = "OPENAI_API_KEY" + supports_websockets = false GH_AW_CODEX_SHELL_POLICY_2d745eed178272e7_EOF - cat "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" + awk ' + BEGIN { skip_openai_proxy = 0 } + /^[[:space:]]*model_provider[[:space:]]*=/ { next } + /^\[model_providers\.openai-proxy\][[:space:]]*$/ { skip_openai_proxy = 1; next } + /^\[/ { skip_openai_proxy = 0 } + !skip_openai_proxy { print } + ' "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" chmod 600 "/tmp/gh-aw/mcp-config/config.toml" mkdir -p "${CODEX_HOME}" if [ "/tmp/gh-aw/mcp-config/config.toml" != "${CODEX_HOME}/config.toml" ]; then cp "/tmp/gh-aw/mcp-config/config.toml" "${CODEX_HOME}/config.toml"; fi diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 1bab938487..dbc374b4a7 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -1217,8 +1217,22 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "GH_AW_ASSETS_ALLOWED_EXTS", "GH_AW_ASSETS_BRANCH", "GH_AW_ASSETS_MAX_SIZE_KB", "GH_AW_SAFE_OUTPUTS", "GITHUB_PERSONAL_ACCESS_TOKEN", "GITHUB_REPOSITORY", "GITHUB_SERVER_URL", "HOME", "OPENAI_API_KEY", "PATH"] + + model_provider = "openai-proxy" + + [model_providers.openai-proxy] + name = "OpenAI AWF proxy" + base_url = "http://172.30.0.30:10000" + env_key = "OPENAI_API_KEY" + supports_websockets = false GH_AW_CODEX_SHELL_POLICY_71ae115a66db43bd_EOF - cat "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" + awk ' + BEGIN { skip_openai_proxy = 0 } + /^[[:space:]]*model_provider[[:space:]]*=/ { next } + /^\[model_providers\.openai-proxy\][[:space:]]*$/ { skip_openai_proxy = 1; next } + /^\[/ { skip_openai_proxy = 0 } + !skip_openai_proxy { print } + ' "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" >> "/tmp/gh-aw/mcp-config/config.toml" chmod 600 "/tmp/gh-aw/mcp-config/config.toml" mkdir -p "${CODEX_HOME}" if [ "/tmp/gh-aw/mcp-config/config.toml" != "${CODEX_HOME}/config.toml" ]; then cp "/tmp/gh-aw/mcp-config/config.toml" "${CODEX_HOME}/config.toml"; fi diff --git a/pkg/workflow/codex_engine_test.go b/pkg/workflow/codex_engine_test.go index 751695691e..e920292175 100644 --- a/pkg/workflow/codex_engine_test.go +++ b/pkg/workflow/codex_engine_test.go @@ -4,6 +4,8 @@ package workflow import ( "fmt" + "net" + "strconv" "strings" "testing" @@ -370,7 +372,7 @@ func TestCodexEngineRenderMCPConfigOpenAIProxyProvider(t *testing.T) { func TestCodexEngineOpenAIProxyProviderBaseURL(t *testing.T) { engine := NewCodexEngine() - expected := fmt.Sprintf("http://%s:%d", constants.AWFAPIProxyContainerIP, constants.ClaudeLLMGatewayPort) + expected := "http://" + net.JoinHostPort(constants.AWFAPIProxyContainerIP, strconv.Itoa(constants.ClaudeLLMGatewayPort)) if actual := engine.getOpenAIProxyProviderBaseURL(); actual != expected { t.Errorf("Expected OpenAI proxy provider base URL %q, got %q", expected, actual)