fix: fix API proxy sidecar bugs preventing Anthropic-only usage

containers/agent/setup-iptables.sh

@@ -127,6 +127,13 @@ fi
 echo "[iptables] Allow traffic to Squid proxy (${SQUID_IP}:${SQUID_PORT})..."
 iptables -t nat -A OUTPUT -d "$SQUID_IP" -j RETURN
 
+# Allow traffic to API proxy sidecar (when enabled)
+# AWF_API_PROXY_IP is set by docker-manager.ts when --enable-api-proxy is used
+if [ -n "$AWF_API_PROXY_IP" ]; then
+  echo "[iptables] Allow traffic to API proxy sidecar (${AWF_API_PROXY_IP})..."
+  iptables -t nat -A OUTPUT -d "$AWF_API_PROXY_IP" -j RETURN
+fi
+
 # Bypass Squid for host.docker.internal when host access is enabled.
 # MCP gateway traffic to host.docker.internal gets DNAT'd to Squid,
 # where Squid fails with "Invalid URL" because rmcp sends relative URLs.
@@ -263,6 +270,11 @@ iptables -A OUTPUT -p tcp -d 127.0.0.11 --dport 53 -j ACCEPT
 # Allow traffic to Squid proxy (after NAT redirection)
 iptables -A OUTPUT -p tcp -d "$SQUID_IP" -j ACCEPT
 
+# Allow traffic to API proxy sidecar (when enabled)
+if [ -n "$AWF_API_PROXY_IP" ]; then
+  iptables -A OUTPUT -p tcp -d "$AWF_API_PROXY_IP" -j ACCEPT
+fi
+
 # Drop all other TCP traffic (default deny policy)
 # This ensures that only explicitly allowed ports can be accessed
 echo "[iptables] Drop all non-redirected TCP traffic (default deny)..."

containers/api-proxy/Dockerfile

@@ -11,8 +11,8 @@ WORKDIR /app
 # Copy package files
 COPY package*.json ./
 
-# Install dependencies
-RUN npm ci --only=production
+# Install dependencies from lockfile (deterministic)
+RUN npm ci --omit=dev
 
 # Copy application files
 COPY server.js ./

containers/api-proxy/package.json

@@ -7,8 +7,7 @@
     "start": "node server.js"
   },
   "dependencies": {
-    "express": "^4.18.2",
-    "http-proxy-middleware": "^2.0.6"
+    "https-proxy-agent": "^7.0.6"
   },
   "engines": {
     "node": ">=18.0.0"

containers/api-proxy/server.js

@@ -10,19 +10,46 @@
  * 4. Respects domain whitelisting enforced by Squid
  */
 
-const express = require('express');
-const { createProxyMiddleware } = require('http-proxy-middleware');
+const http = require('http');
+const https = require('https');
+const { URL } = require('url');
+const { HttpsProxyAgent } = require('https-proxy-agent');
+
+// Max request body size (10 MB) to prevent DoS via large payloads
+const MAX_BODY_SIZE = 10 * 1024 * 1024;
+
+// Headers that must never be forwarded from the client.
+// The proxy controls authentication — client-supplied auth/proxy headers are stripped.
+const STRIPPED_HEADERS = new Set([
+  'host',
+  'authorization',
+  'proxy-authorization',
+  'x-api-key',
+  'forwarded',
+  'via',
+]);
+
+/** Returns true if the header name should be stripped (case-insensitive). */
+function shouldStripHeader(name) {
+  const lower = name.toLowerCase();
+  return STRIPPED_HEADERS.has(lower) || lower.startsWith('x-forwarded-');
+}
+
+/** Sanitize a string for safe logging (strip control chars, limit length). */
+function sanitizeForLog(str) {
+  if (typeof str !== 'string') return '';
+  // eslint-disable-next-line no-control-regex
+  return str.replace(/[\x00-\x1f\x7f]/g, '').slice(0, 200);
+}
 
 // Read API keys from environment (set by docker-compose)
 const OPENAI_API_KEY = process.env.OPENAI_API_KEY;
 const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
 
 // Squid proxy configuration (set via HTTP_PROXY/HTTPS_PROXY in docker-compose)
-const HTTP_PROXY = process.env.HTTP_PROXY;
-const HTTPS_PROXY = process.env.HTTPS_PROXY;
+const HTTPS_PROXY = process.env.HTTPS_PROXY || process.env.HTTP_PROXY;
 
 console.log('[API Proxy] Starting AWF API proxy sidecar...');
-console.log(`[API Proxy] HTTP_PROXY: ${HTTP_PROXY}`);
 console.log(`[API Proxy] HTTPS_PROXY: ${HTTPS_PROXY}`);
 if (OPENAI_API_KEY) {
   console.log('[API Proxy] OpenAI API key configured');
@@ -31,72 +58,174 @@
   console.log('[API Proxy] Anthropic API key configured');
 }
 
-// Create Express app
-const app = express();
-
-// Health check endpoint
-app.get('/health', (req, res) => {
-  res.status(200).json({
-    status: 'healthy',
-    service: 'awf-api-proxy',
-    squid_proxy: HTTP_PROXY || 'not configured',
-    providers: {
-      openai: !!OPENAI_API_KEY,
-      anthropic: !!ANTHROPIC_API_KEY
+// Create proxy agent for routing through Squid
+const proxyAgent = HTTPS_PROXY ? new HttpsProxyAgent(HTTPS_PROXY) : undefined;
+if (!proxyAgent) {
+  console.warn('[API Proxy] WARNING: No HTTPS_PROXY configured, requests will go direct');
+}
+
+/**
+ * Forward a request to the target API, injecting auth headers and routing through Squid.
+ */
+function proxyRequest(req, res, targetHost, injectHeaders) {
+  // Validate that req.url is a relative path (prevent open-redirect / SSRF)
+  if (!req.url || !req.url.startsWith('/')) {
+    res.writeHead(400, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: 'Bad Request', message: 'URL must be a relative path' }));
+    return;
+  }
+
+  // Build target URL
+  const targetUrl = new URL(req.url, `https://${targetHost}`);
+
+  // Handle client-side errors (e.g. aborted connections)
+  req.on('error', (err) => {
+    console.error(`[API Proxy] Client request error: ${sanitizeForLog(err.message)}`);
+    if (!res.headersSent) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
     }
+    res.end(JSON.stringify({ error: 'Client error', message: err.message }));
   });
-});
+
+  // Read the request body with size limit
+  const chunks = [];
+  let totalBytes = 0;
+  let rejected = false;
+
+  req.on('data', chunk => {
+    if (rejected) return;
+    totalBytes += chunk.length;
+    if (totalBytes > MAX_BODY_SIZE) {
+      rejected = true;
+      if (!res.headersSent) {
+        res.writeHead(413, { 'Content-Type': 'application/json' });
+      }
+      res.end(JSON.stringify({ error: 'Payload Too Large', message: 'Request body exceeds 10 MB limit' }));
+      return;
+    }
+    chunks.push(chunk);
+  });
+
+  req.on('end', () => {
+    if (rejected) return;
+    const body = Buffer.concat(chunks);
+
+    // Copy incoming headers, stripping sensitive/proxy headers, then inject auth
+    const headers = {};
+    for (const [name, value] of Object.entries(req.headers)) {
+      if (!shouldStripHeader(name)) {
+        headers[name] = value;
+      }
+    }
+    Object.assign(headers, injectHeaders);
+
+    const options = {
+      hostname: targetHost,
+      port: 443,
+      path: targetUrl.pathname + targetUrl.search,
+      method: req.method,
+      headers,
+      agent: proxyAgent, // Route through Squid
+    };
+
+    const proxyReq = https.request(options, (proxyRes) => {
+      // Handle response stream errors
+      proxyRes.on('error', (err) => {
+        console.error(`[API Proxy] Response stream error from ${targetHost}: ${sanitizeForLog(err.message)}`);
+        if (!res.headersSent) {
+          res.writeHead(502, { 'Content-Type': 'application/json' });
+        }
+        res.end(JSON.stringify({ error: 'Response stream error', message: err.message }));
+      });
+
+      res.writeHead(proxyRes.statusCode, proxyRes.headers);
+      proxyRes.pipe(res);
+    });
+
+    proxyReq.on('error', (err) => {
+      console.error(`[API Proxy] Error proxying to ${targetHost}: ${sanitizeForLog(err.message)}`);
+      if (!res.headersSent) {
+        res.writeHead(502, { 'Content-Type': 'application/json' });
+      }
+      res.end(JSON.stringify({ error: 'Proxy error', message: err.message }));
+    });
+
+    if (body.length > 0) {
+      proxyReq.write(body);
+    }
+    proxyReq.end();
+  });
+}
+
+// Health port is always 10000 — this is what Docker healthcheck hits
+const HEALTH_PORT = 10000;
 
 // OpenAI API proxy (port 10000)
 if (OPENAI_API_KEY) {
-  app.use(createProxyMiddleware({
-    target: 'https://api.openai.com',
-    changeOrigin: true,
-    secure: true,
-    onProxyReq: (proxyReq, req, res) => {
-      // Inject Authorization header
-      proxyReq.setHeader('Authorization', `Bearer ${OPENAI_API_KEY}`);
-      console.log(`[OpenAI Proxy] ${req.method} ${req.url}`);
-    },
-    onError: (err, req, res) => {
-      console.error(`[OpenAI Proxy] Error: ${err.message}`);
-      res.status(502).json({ error: 'Proxy error', message: err.message });
+  const server = http.createServer((req, res) => {
+    if (req.url === '/health' && req.method === 'GET') {
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({
+        status: 'healthy',
+        service: 'awf-api-proxy',
+        squid_proxy: HTTPS_PROXY || 'not configured',
+        providers: { openai: true, anthropic: !!ANTHROPIC_API_KEY },
+      }));
+      return;
+    }
+
+    console.log(`[OpenAI Proxy] ${sanitizeForLog(req.method)} ${sanitizeForLog(req.url)}`);
+    proxyRequest(req, res, 'api.openai.com', {
+      'Authorization': `Bearer ${OPENAI_API_KEY}`,
+    });
+  });
+
+  server.listen(HEALTH_PORT, '0.0.0.0', () => {
+    console.log(`[API Proxy] OpenAI proxy listening on port ${HEALTH_PORT}`);
+  });
+} else {
+  // No OpenAI key — still need a health endpoint on port 10000 for Docker healthcheck
+  const server = http.createServer((req, res) => {
+    if (req.url === '/health' && req.method === 'GET') {
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({
+        status: 'healthy',
+        service: 'awf-api-proxy',
+        squid_proxy: HTTPS_PROXY || 'not configured',
+        providers: { openai: false, anthropic: !!ANTHROPIC_API_KEY },
+      }));
+      return;
     }
-  }));
 
-  app.listen(10000, '0.0.0.0', () => {
-    console.log('[API Proxy] OpenAI proxy listening on port 10000');
-    console.log('[API Proxy] Routing through Squid to api.openai.com');
+    res.writeHead(404, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: 'OpenAI proxy not configured (no OPENAI_API_KEY)' }));
+  });
+
+  server.listen(HEALTH_PORT, '0.0.0.0', () => {
+    console.log(`[API Proxy] Health endpoint listening on port ${HEALTH_PORT} (OpenAI not configured)`);
   });
 }
 
 // Anthropic API proxy (port 10001)
 if (ANTHROPIC_API_KEY) {
-  const anthropicApp = express();
-
-  anthropicApp.get('/health', (req, res) => {
-    res.status(200).json({ status: 'healthy', service: 'anthropic-proxy' });
-  });
+  const server = http.createServer((req, res) => {
+    if (req.url === '/health' && req.method === 'GET') {
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ status: 'healthy', service: 'anthropic-proxy' }));
+      return;
+    }
 
-  anthropicApp.use(createProxyMiddleware({
-    target: 'https://api.anthropic.com',
-    changeOrigin: true,
-    secure: true,
-    onProxyReq: (proxyReq, req, res) => {
-      // Inject Anthropic authentication headers
-      proxyReq.setHeader('x-api-key', ANTHROPIC_API_KEY);
-      proxyReq.setHeader('anthropic-version', '2023-06-01');
-      console.log(`[Anthropic Proxy] ${req.method} ${req.url}`);
-    },
-    onError: (err, req, res) => {
-      console.error(`[Anthropic Proxy] Error: ${err.message}`);
-      res.status(502).json({ error: 'Proxy error', message: err.message });
+    console.log(`[Anthropic Proxy] ${sanitizeForLog(req.method)} ${sanitizeForLog(req.url)}`);
+    // Only set anthropic-version as default; preserve agent-provided version
+    const anthropicHeaders = { 'x-api-key': ANTHROPIC_API_KEY };
+    if (!req.headers['anthropic-version']) {
+      anthropicHeaders['anthropic-version'] = '2023-06-01';
     }
-  }));
+    proxyRequest(req, res, 'api.anthropic.com', anthropicHeaders);
+  });
 
-  anthropicApp.listen(10001, '0.0.0.0', () => {
+  server.listen(10001, '0.0.0.0', () => {
     console.log('[API Proxy] Anthropic proxy listening on port 10001');
-    console.log('[API Proxy] Routing through Squid to api.anthropic.com');
   });
 }