feat(api-proxy): replace Node.js proxy with nginx

[Claude]

Replaces the Node.js-based API proxy with nginx to provide better performance and enable proper support for both OpenAI and Anthropic APIs through the firewall.

Changes

• Replaced Express/http-proxy-middleware with nginx reverse proxy

  • OpenAI API on port 10000 with Authorization: Bearer ${OPENAI_API_KEY}
  • Anthropic API on port 10001 with x-api-key: ${ANTHROPIC_API_KEY}
  • Uses sed-based variable substitution in entrypoint (no external dependencies)

• Fixed Anthropic API key handling

  • Previously: Anthropic keys passed directly to agent (bypassing proxy)
  • Now: Both API keys passed to api-proxy container and excluded from agent
  • Sets ANTHROPIC_BASE_URL=http://172.30.0.30:10001 in agent environment

• Updated docker-manager.ts

  • Deploys api-proxy when either openaiApiKey or anthropicApiKey is provided
  • Passes both keys to proxy container via environment
  • Excludes both keys from agent container environment

Implementation

The nginx configuration routes all traffic through Squid to respect domain whitelisting while injecting authentication tokens:

# OpenAI proxy (port 10000)
location / {
    proxy_set_header Authorization "Bearer ${OPENAI_API_KEY}";
    proxy_pass https://api.openai.com;
}

# Anthropic proxy (port 10001)  
location / {
    proxy_set_header x-api-key "${ANTHROPIC_API_KEY}";
    proxy_pass https://api.anthropic.com;
}

Both proxies maintain the same security model: API keys remain isolated in the sidecar container and are never exposed to the agent.

[github-actions]

Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

[github-actions]

Bun Build Test Results

Project	Install	Tests	Status
elysia	✅	1/1	PASS
hono	✅	1/1	PASS

Overall: PASS ✅

All tests completed successfully with Bun v1.3.9.

AI generated by Build Test Bun

[github-actions]

Smoke Test Results

✅ GitHub MCP: Retrieved last 2 merged PRs (#827, #826)
✅ Playwright: Verified GitHub homepage title
✅ File Write: Created test file successfully
✅ Bash: Verified file content

Overall: PASS

cc: @Claude @lpcox

AI generated by Smoke Copilot

[github-actions]

Build Test: Deno ✅

Project	Tests	Status
oak	1/1	✅ PASS
std	1/1	✅ PASS

Overall: PASS

All Deno tests passed successfully.

AI generated by Build Test Deno

[github-actions]

Node.js Build Test Results ✅

All projects successfully installed dependencies and passed tests.

Project	Install	Tests	Status
clsx	✅	PASS	✅ PASS
execa	✅	PASS	✅ PASS
p-limit	✅	PASS	✅ PASS

Overall: ✅ PASS

AI generated by Build Test Node.js

[github-actions]

Go Build Test Results

Project	Download	Tests	Status
color	✅	1/1	PASS
env	✅	1/1	PASS
uuid	✅	1/1	PASS

Overall: PASS ✅

All Go projects built and tested successfully.

AI generated by Build Test Go

[github-actions]

Build Test: Rust Results

Project	Build	Tests	Status
fd	✅	1/1	PASS
zoxide	✅	1/1	PASS

Overall: PASS ✅

All Rust projects built and tested successfully.

AI generated by Build Test Rust

[github-actions]

Java Build Test Results

Project	Compile	Tests	Status
gson	✅	1/1	PASS
caffeine	✅	1/1	PASS

Overall: PASS ✅

All Java projects compiled successfully and tests passed through the AWF firewall with Maven proxy configuration.

AI generated by Build Test Java

[github-actions]

.NET Build Test Results

Project	Restore	Build	Run	Status
hello-world	✅	✅	✅	PASS
json-parse	✅	✅	✅	PASS

Overall: PASS ✅

All .NET projects successfully restored, built, and ran with expected output.

AI generated by Build Test .NET

[github-actions]

Chroot Version Comparison Test Results

Runtime	Host Version	Chroot Version	Match?
Python	3.12.12	3.12.3	❌ NO
Node.js	v24.13.0	v20.20.0	❌ NO
Go	go1.22.12	go1.22.12	✅ YES

Overall Result: ❌ Tests FAILED

Python and Node.js versions differ between host and chroot environments. Only Go versions match correctly.

AI generated by Smoke Chroot