[awf] API proxy: correct OpenAI base URL injection for Codex /v1/responses routing

[Copilot]

Codex runs were intermittently failing with 401 Unauthorized while using the API proxy sidecar path for OpenAI. The proxy wiring used an OpenAI base URL shape that can misroute newer clients targeting /v1/responses.

• OpenAI base URL contract

  • Updated agent-side OPENAI_BASE_URL injection to use the sidecar root URL (http://<api-proxy-ip>:10000) instead of appending /v1.
  • This keeps path composition in the client and avoids double/misaligned version prefixing.

• Config/test alignment

  • Updated docker-manager unit expectations for OPENAI_BASE_URL to the new root form.
  • Kept existing API proxy routing behavior unchanged (still transparent path forwarding and header injection).

• Docs consistency

  • Updated API proxy and authentication docs/types comments to reflect the new OPENAI_BASE_URL value.

// before
OPENAI_BASE_URL = `http://${proxyIp}:10000/v1`;

// after
OPENAI_BASE_URL = `http://${proxyIp}:10000`;

[github-actions]

Documentation Preview

Documentation build failed for this PR. View logs.

Built from commit d62e191

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	84.33%	84.41%	📈 +0.08%
Statements	83.56%	83.64%	📈 +0.08%
Functions	87.39%	87.39%	➡️ +0.00%
Branches	74.78%	74.82%	📈 +0.04%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/docker-manager.ts	86.8% → 87.1% (+0.30%)	86.4% → 86.7% (+0.29%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Copilot]

Pull request overview

Adjusts AWF’s API-proxy OpenAI base-URL contract so newer OpenAI/Codex clients (including /v1/responses) compose paths correctly when routing through the sidecar, reducing intermittent 401 Unauthorized failures.

Changes:

• Set agent OPENAI_BASE_URL to the api-proxy root (http://<api-proxy-ip>:10000) instead of .../v1.
• Update docker-manager unit tests to match the new OPENAI_BASE_URL value.
• Update docs/comments to reflect the root-form OpenAI base URL in API proxy mode.

Show a summary per file

File	Description
src/types.ts	Updates the documented env var contract for OPENAI_BASE_URL in API proxy mode.
src/docker-manager.ts	Changes agent env injection to use the api-proxy root URL for OpenAI.
src/docker-manager.test.ts	Updates expectations for OPENAI_BASE_URL to match the new injection behavior.
docs/authentication-architecture.md	Aligns diagrams/examples with the new OpenAI base URL form.
docs/api-proxy-sidecar.md	Aligns API proxy docs and env var table with the new OpenAI base URL form.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 5/5 changed files
• Comments generated: 0

[github-actions]

Smoke Test Results

• ✅ GitHub MCP: "Optimize Smoke Claude workflow token spend..." / "Copilot/convert cli proxy to byok"
• ✅ Playwright: GitHub page title verified
• ✅ File write: /tmp/gh-aw/agent/smoke-test-claude-24593538065.txt created
• ✅ Bash verify: file content confirmed

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

🔥 Smoke Test Results

Test	Status
GitHub MCP (list merged PRs)	✅ Latest: #2065
GitHub.com connectivity (HTTP 200)	✅
File write/read	✅

Overall: PASS

PR by @app/copilot-swe-agent · Assignees: @lpcox, @Copilot
Title: [awf] API proxy: correct OpenAI base URL injection for Codex /v1/responses routing

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

Chroot Version Comparison Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌ NO
Node.js	v24.14.1	v20.20.2	❌ NO
Go	go1.22.12	go1.22.12	✅ YES

Result: ❌ Not all tests passed — Python and Node.js versions differ between host and chroot.

Tested by Smoke Chroot

[github-actions]

Smoke Test: GitHub Actions Services Connectivity ✅

All checks passed:

Check	Result
Redis PING (host.docker.internal:6379)	✅ PONG
pg_isready (host.docker.internal:5432)	✅ accepting connections
SELECT 1 on smoketest DB as postgres	✅ returned 1

Note: redis-cli was not available; Redis connectivity was verified via raw TCP (nc).

🔌 Service connectivity validated by Smoke Services

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	1/1 passed	✅ PASS
Go	env	✅	1/1 passed	✅ PASS
Go	uuid	✅	1/1 passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	passed	✅ PASS
Node.js	execa	✅	passed	✅ PASS
Node.js	p-limit	✅	passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #2066 · ● 759.7K · ◷

[github-actions]

Smoke Test: Copilot BYOK Offline Mode — PASS ✅

Test	Result
GitHub MCP (list PRs)	✅ PR #2066: "[awf] API proxy: correct OpenAI base URL injection for Codex /v1/responses routing"
GitHub.com connectivity	✅
File write/read (smoke-test-copilot-byok-24605120465.txt)	✅
BYOK inference (agent → api-proxy → api.githubcopilot.com)	✅

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com.
Author: @app/copilot-swe-agent · Assignees: @lpcox @Copilot

🔑 BYOK report filed by Smoke Copilot BYOK