Skip to content

[Duplicate Code] API proxy env-var constants still duplicated across TypeScript and CommonJS modules #5862

Description

@github-actions

Duplicate Code Opportunity

Summary

  • Pattern: Provider environment variable constants are manually maintained in both the TypeScript host code and the CommonJS api-proxy container code. The files even document that they must be kept in sync.
  • Locations: src/api-proxy-env-constants.ts lines 8-39 and containers/api-proxy/provider-env-constants.js lines 10-41.
  • Impact: About 30 duplicated constant lines remain in a security-critical credential routing path. Drift can cause the host wrapper to forward one env var while the sidecar reads another, breaking credential isolation. This appears to reproduce the class tracked in completed issue [Duplicate Code] API proxy provider env-var constants are maintained in parallel JS and TypeScript files #5827, so filing a fresh issue because the duplication is still present.

Evidence

TypeScript host-side constants:

// src/api-proxy-env-constants.ts:8-39
export const OPENAI_ENV = {
  KEY: 'OPENAI_API_KEY',
  TARGET: 'OPENAI_API_TARGET',
  BASE_PATH: 'OPENAI_API_BASE_PATH',
  AUTH_HEADER: 'AWF_OPENAI_AUTH_HEADER',
} as const;

export const ANTHROPIC_ENV = {
  KEY: 'ANTHROPIC_API_KEY',
  TARGET: 'ANTHROPIC_API_TARGET',
  BASE_PATH: 'ANTHROPIC_API_BASE_PATH',
  AUTH_HEADER: 'AWF_ANTHROPIC_AUTH_HEADER',
} as const;

export const GEMINI_ENV = {
  KEY: 'GEMINI_API_KEY',
  TARGET: 'GEMINI_API_TARGET',
  BASE_PATH: 'GEMINI_API_BASE_PATH',
} as const;

export const COPILOT_ENV = {
  GITHUB_TOKEN: 'COPILOT_GITHUB_TOKEN',
  PROVIDER_API_KEY: 'COPILOT_PROVIDER_API_KEY',
  PROVIDER_TYPE: 'COPILOT_PROVIDER_TYPE',
  PROVIDER_BASE_URL: 'COPILOT_PROVIDER_BASE_URL',
  API_TARGET: 'COPILOT_API_TARGET',
  API_BASE_PATH: 'COPILOT_API_BASE_PATH',
} as const;

CommonJS sidecar constants duplicate the same values:

// containers/api-proxy/provider-env-constants.js:10-41
const OPENAI_ENV = /** `@type` {const} */ ({
  KEY: 'OPENAI_API_KEY',
  TARGET: 'OPENAI_API_TARGET',
  BASE_PATH: 'OPENAI_API_BASE_PATH',
  AUTH_HEADER: 'AWF_OPENAI_AUTH_HEADER',
});

const ANTHROPIC_ENV = /** `@type` {const} */ ({
  KEY: 'ANTHROPIC_API_KEY',
  TARGET: 'ANTHROPIC_API_TARGET',
  BASE_PATH: 'ANTHROPIC_API_BASE_PATH',
  AUTH_HEADER: 'AWF_ANTHROPIC_AUTH_HEADER',
});

const GEMINI_ENV = /** `@type` {const} */ ({
  KEY: 'GEMINI_API_KEY',
  TARGET: 'GEMINI_API_TARGET',
  BASE_PATH: 'GEMINI_API_BASE_PATH',
});

const COPILOT_ENV = /** `@type` {const} */ ({
  GITHUB_TOKEN: 'COPILOT_GITHUB_TOKEN',
  PROVIDER_API_KEY: 'COPILOT_PROVIDER_API_KEY',
  PROVIDER_TYPE: 'COPILOT_PROVIDER_TYPE',
  PROVIDER_BASE_URL: 'COPILOT_PROVIDER_BASE_URL',
  API_TARGET: 'COPILOT_API_TARGET',
  API_BASE_PATH: 'COPILOT_API_BASE_PATH',
});

Both files explicitly acknowledge the duplication:

// src/api-proxy-env-constants.ts:4-5
// The CommonJS equivalent lives in containers/api-proxy/provider-env-constants.js.
// Keep both files in sync; src/api-proxy-env-constants-sync.test.ts enforces parity.
// containers/api-proxy/provider-env-constants.js:6-7
// The TypeScript equivalent lives in src/api-proxy-env-constants.ts.
// Keep both files in sync; src/api-proxy-env-constants-sync.test.ts enforces parity.

Suggested Refactoring

Make one source authoritative. Options:

  • Store the constants in a small JSON file and generate both src/api-proxy-env-constants.ts and containers/api-proxy/provider-env-constants.js during build/test.
  • Or move the constants to a CommonJS-compatible JS module with JSDoc types and import it from TypeScript with generated .d.ts typings.

Either approach removes manual sync and lets the existing parity test become a generated-file freshness check.

Affected Files

Effort Estimate

Low


Detected by Duplicate Code Detector workflow. Run date: 2026-07-03

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Duplicate Code Detector · 260.8 AIC · ⊞ 20.1K ·

  • expires on Aug 2, 2026, 6:52 AM UTC

Metadata

Metadata

Assignees

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions