-
Notifications
You must be signed in to change notification settings - Fork 18
docs: add API Proxy section to CLI reference #1607
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Mossaka
merged 2 commits into
main
from
copilot/add-api-proxy-section-to-cli-reference-again
Apr 2, 2026
+179
−0
Merged
Changes from all commits
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -52,6 +52,16 @@ awf [options] -- <command> | |||||
| | `--enable-dind` | flag | `false` | Enable Docker-in-Docker by exposing host Docker socket | | ||||||
| | `--enable-dlp` | flag | `false` | Enable DLP scanning to block credential exfiltration | | ||||||
| | `--agent-image <value>` | string | `default` | Agent container image (default, act, or custom) | | ||||||
| | `--enable-api-proxy` | flag | `false` | Enable API proxy sidecar for secure credential injection | | ||||||
| | `--copilot-api-target <host>` | string | `api.githubcopilot.com` | Target hostname for Copilot API requests | | ||||||
| | `--openai-api-target <host>` | string | `api.openai.com` | Target hostname for OpenAI API requests | | ||||||
| | `--openai-api-base-path <path>` | string | — | Base path prefix for OpenAI API requests | | ||||||
| | `--anthropic-api-target <host>` | string | `api.anthropic.com` | Target hostname for Anthropic API requests | | ||||||
| | `--anthropic-api-base-path <path>` | string | — | Base path prefix for Anthropic API requests | | ||||||
| | `--rate-limit-rpm <n>` | number | `600` | Max requests per minute per provider | | ||||||
| | `--rate-limit-rph <n>` | number | `10000` | Max requests per hour per provider | | ||||||
| | `--rate-limit-bytes-pm <n>` | number | `52428800` (~50 MB) | Max request bytes per minute per provider | | ||||||
| | `--no-rate-limit` | flag | — | Disable rate limiting in API proxy | | ||||||
| | `-V, --version` | flag | — | Display version | | ||||||
| | `-h, --help` | flag | — | Display help | | ||||||
|
|
||||||
|
|
@@ -573,6 +583,174 @@ sudo awf --enable-dlp --allow-domains github.com \ | |||||
| Enable DLP scanning as a defense-in-depth measure when running untrusted code that has access to environment variables or files containing credentials. | ||||||
| ::: | ||||||
|
|
||||||
| ### `--enable-api-proxy` | ||||||
|
|
||||||
| Enable the API proxy sidecar for secure credential injection. The sidecar is a Node.js proxy (`172.30.0.30`) that holds real API credentials so the agent never sees them. The agent sends unauthenticated requests to the sidecar, which injects the credentials and forwards the request through Squid to the upstream API. | ||||||
|
|
||||||
| ```bash | ||||||
| # Enable with keys from environment | ||||||
| export OPENAI_API_KEY="sk-..." | ||||||
| export ANTHROPIC_API_KEY="sk-ant-..." | ||||||
| sudo -E awf --enable-api-proxy \ | ||||||
| --allow-domains api.openai.com,api.anthropic.com \ | ||||||
| -- command | ||||||
| ``` | ||||||
|
|
||||||
| **Required environment variables** (at least one): | ||||||
|
|
||||||
| | Variable | Provider | | ||||||
| |----------|----------| | ||||||
| | `OPENAI_API_KEY` | OpenAI / Codex | | ||||||
| | `ANTHROPIC_API_KEY` | Anthropic / Claude | | ||||||
| | `COPILOT_GITHUB_TOKEN` | GitHub Copilot | | ||||||
|
|
||||||
|
Comment on lines
+599
to
+606
|
||||||
| **Sidecar ports:** | ||||||
|
|
||||||
| | Port | Provider | | ||||||
| |------|----------| | ||||||
| | `10000` | OpenAI | | ||||||
| | `10001` | Anthropic | | ||||||
| | `10002` | GitHub Copilot | | ||||||
| | `10004` | OpenCode | | ||||||
|
|
||||||
| :::tip | ||||||
| Use `sudo -E` to preserve environment variables like API keys through sudo. | ||||||
| ::: | ||||||
|
|
||||||
| :::danger[Security] | ||||||
| API keys are held exclusively in the sidecar container. The agent container receives only the sidecar proxy URL — never the actual credentials. | ||||||
| ::: | ||||||
|
|
||||||
| ### `--copilot-api-target <host>` | ||||||
|
|
||||||
| Target hostname for GitHub Copilot API requests. Useful for GitHub Enterprise Server (GHES) deployments where the Copilot API endpoint differs from the public default. Can also be set via the `COPILOT_API_TARGET` environment variable. | ||||||
|
|
||||||
| - **Default:** `api.githubcopilot.com` | ||||||
| - **Requires:** `--enable-api-proxy` | ||||||
|
||||||
| - **Requires:** `--enable-api-proxy` | |
| - **Only takes effect with:** `--enable-api-proxy` |
Copilot
AI
Apr 2, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This caution says custom --*-api-target domains must be manually added to --allow-domains and that AWF will warn if they’re missing. However, the CLI currently auto-merges API target values (from flags or env) into the allowlist via resolveApiTargetsToAllowedDomains, so users generally don’t need to add them explicitly and won’t see that warning. Consider updating this note to reflect the auto-allowlisting behavior (and any remaining cases where a warning can still occur).
Suggested change
| When using a custom `--openai-api-target` or `--anthropic-api-target`, you must add the target domain to `--allow-domains` so the firewall permits outbound traffic. AWF emits a warning if a custom target is set but not in the allowlist. | |
| When you use a custom `--openai-api-target` or `--anthropic-api-target`, AWF normally adds that target domain to the effective allowlist automatically (including when the target is provided via environment variables), so you usually do not need to add it manually to `--allow-domains`. If AWF cannot resolve or apply the custom target as expected, you may still need to verify that the target domain is allowed, and a warning can still appear in those cases. |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Options Summary table lists
--rate-limit-*defaults as always-on numeric values, butbuildRateLimitConfigonly applies these defaults when rate limiting is enabled (i.e., when at least one--rate-limit-*flag is provided). Consider updating the defaults column to reflect this (e.g., “600 (when enabled)”) to avoid implying rate limiting is enabled by default.