Skip to content

feat: add Vertex AI provider to api-proxy credential isolation (port 10004)#5878

Merged
lpcox merged 4 commits into
mainfrom
copilot/add-vertex-ai-credential-provider
Jul 3, 2026
Merged

feat: add Vertex AI provider to api-proxy credential isolation (port 10004)#5878
lpcox merged 4 commits into
mainfrom
copilot/add-vertex-ai-credential-provider

Conversation

Copilot AI commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

GOOGLE_API_KEY (Vertex AI mode) had no proxy path — the real key either leaked into the agent sandbox or caused gemini-cli startup failures, and all Vertex traffic bypassed the api-proxy so token/cost telemetry was never emitted.

Changes

New Vertex AI provider adapter (containers/api-proxy/providers/vertex.js)

  • Port 10004, target aiplatform.googleapis.com, auth via x-goog-api-key header
  • alwaysBind: true — returns 503 when unconfigured (consistent with Gemini)
  • Registered in providers/index.js alongside the existing four adapters

TypeScript host-side wiring

  • API_PROXY_PORTS.VERTEX = 10004 in src/types/ports.ts
  • googleApiKey?: string field on WrapperConfig (reads GOOGLE_API_KEY from env, redacted from audit logs)
  • vertexApiTarget? / vertexApiBasePath? routing overrides in ApiProxyRoutingOptions
  • VERTEX_ENV added to the shared provider-env-constants.json (single source of truth for both TS host and JS sidecar)

Credential isolation

  • vertex-credential-env.ts: injects GOOGLE_VERTEX_BASE_URL=http://api-proxy:10004 + GOOGLE_API_KEY=google-api-key-placeholder-for-credential-isolation into the agent env; real key stays in the sidecar only
  • excluded-vars.ts: GOOGLE_API_KEY and GOOGLE_VERTEX_BASE_URL excluded from agent env when --enable-api-proxy is active
  • buildApiProxyBaseEnv forwards real GOOGLE_API_KEY to the sidecar container

Validation / diagnostics

  • validateApiProxyConfig gains a hasGoogleApiKey param; "no keys found" warning and startup log updated to mention GOOGLE_API_KEY
  • .gemini home dir mount/pre-creation now also triggers on googleApiKey (same CLI, same config dir)

Usage: export GOOGLE_API_KEY in the runner env, set GOOGLE_GENAI_USE_VERTEXAI: "true" in engine.env — AWF holds the real key in the sidecar and routes Vertex traffic through the proxy.

Copilot AI linked an issue Jul 3, 2026 that may be closed by this pull request
Copilot AI changed the title [WIP] Add Vertex AI provider for credential isolation feat: add Vertex AI provider to api-proxy credential isolation (port 10004) Jul 3, 2026
Copilot AI requested a review from lpcox July 3, 2026 15:53
Copilot finished work on behalf of lpcox July 3, 2026 15:53
@lpcox lpcox marked this pull request as ready for review July 3, 2026 16:00
Copilot AI review requested due to automatic review settings July 3, 2026 16:00

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new Google Vertex AI (Vertex mode for Gemini CLI) credential-isolation path to the AWF api-proxy sidecar, so GOOGLE_API_KEY stays in the sidecar and Vertex traffic is routed through the proxy for telemetry and policy enforcement.

Changes:

  • Introduces a new api-proxy provider adapter for Vertex AI on port 10004 and wires it into the sidecar provider registry.
  • Adds host-side config/env plumbing for GOOGLE_API_KEY (sidecar) + GOOGLE_VERTEX_BASE_URL (agent placeholder routing), plus routing override fields (vertexApiTarget / vertexApiBasePath).
  • Extends credential-isolation exclusions, home directory mounts, and unit tests to cover the new provider.
Show a summary per file
File Description
src/workdir-setup.ts Mount/precreate .gemini when googleApiKey is present.
src/types/ports.ts Adds API_PROXY_PORTS.VERTEX = 10004.
src/types/api-proxy-routing-options.ts Adds Vertex routing override fields (vertexApiTarget, vertexApiBasePath).
src/types/api-proxy-credential-options.ts Adds googleApiKey?: string and documents Vertex env behavior.
src/services/credentials/vertex-credential-env.ts Injects GOOGLE_VERTEX_BASE_URL + placeholder GOOGLE_API_KEY into agent env.
src/services/api-proxy-service-split.test.ts Adds unit test coverage for Vertex agent env injection.
src/services/api-proxy-env-config.ts Forwards Vertex target/basePath and GOOGLE_API_KEY into sidecar env.
src/services/api-proxy-credential-env.ts Includes Vertex credential env builder in agent additions.
src/services/agent-volumes/home-strategy.ts Mounts .gemini when googleApiKey is present.
src/services/agent-environment/excluded-vars.ts Excludes GOOGLE_API_KEY / GOOGLE_VERTEX_BASE_URL from agent passthrough when api-proxy enabled.
src/services/agent-environment/excluded-vars.test.ts Adds tests for new excluded env vars.
src/security-module-coverage.test.ts Adds coverage checks for buildVertexCredentialEnv.
src/commands/validators/config-assembly.ts Includes Vertex in api-proxy validation/logging.
src/commands/resolve-credentials.ts Resolves googleApiKey and Vertex routing overrides from env/options.
src/commands/resolve-credentials.test.ts Tests GOOGLE_API_KEY + Vertex override env parsing.
src/commands/main-action.ts Marks googleApiKey as sensitive for redaction.
src/commands/build-config.test.ts Tests that GOOGLE_API_KEY is read into config.
src/api-proxy-env-constants.ts Exports VERTEX_ENV from shared constants.
src/api-proxy-env-constants-sync.test.ts Ensures TS constants stay in sync with sidecar JSON.
src/api-proxy-config-validation.ts Updates “no keys found” warnings and debug messages to include Vertex key.
containers/api-proxy/providers/vertex.js Implements Vertex provider adapter (port 10004, x-goog-api-key).
containers/api-proxy/providers/index.js Registers Vertex adapter in createAllAdapters().
containers/api-proxy/provider-env-constants.json Adds VERTEX_ENV mapping for env var names.
containers/api-proxy/Dockerfile Exposes port 10004 for the new provider.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 24/24 changed files
  • Comments generated: 3
  • Review effort level: Low

Comment thread src/workdir-setup.ts
Comment on lines 232 to 236
const hostHomeMountSourceDirs = [
'.copilot', '.cache', '.config', '.local',
'.anthropic', '.claude', '.cargo', '.rustup', '.npm', '.nvm',
...(config.geminiApiKey ? ['.gemini'] : []),
...(config.geminiApiKey || config.googleApiKey ? ['.gemini'] : []),
];
Comment on lines +232 to +235
* Can be set via:
* - CLI flag: `--vertex-api-target <host>`
* - Environment variable: `VERTEX_API_TARGET`
*
Comment on lines 55 to +59
# 10001 - Anthropic API proxy
# 10002 - GitHub Copilot API proxy
# 10003 - Google Gemini API proxy
EXPOSE 10000 10001 10002 10003
# 10004 - Google Vertex AI API proxy
EXPOSE 10000 10001 10002 10003 10004
@lpcox

lpcox commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

@copilot address review feedback

Copilot AI commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

@copilot address review feedback

Addressed in 27973c1.

Included fixes for .gemini ownership repair in Vertex mode, added --vertex-api-target/--vertex-api-base-path CLI flags with allowlist+warning plumbing, and updated API proxy docs for port 10004 and Vertex env behavior.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

✅ Copilot review passed with no inline comments.

@copilot Add the ready-for-aw label to this PR to trigger agentic CI smoke tests.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Documentation Preview

Documentation build failed for this PR. View logs.

Built from commit 802243e

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

⚠️ Coverage Regression Detected

This PR decreases test coverage. Please add tests to maintain coverage levels.

Overall Coverage

Metric Base PR Delta
Lines 98.61% 98.63% 📈 +0.02%
Statements 98.53% 98.55% 📈 +0.02%
Functions 99.43% 99.44% ➡️ +0.01%
Branches 94.37% 94.34% 📉 -0.03%
📁 Per-file Coverage Changes (3 files)
File Lines (Before → After) Statements (Before → After)
src/api-proxy-config-validation.ts 100.0% → 96.0% (-4.00%) 100.0% → 96.0% (-4.00%)
src/api-proxy-config-domains.ts 100.0% → 100.0% (+0.00%) 98.8% → 98.9% (+0.05%)
src/workdir-setup.ts 93.0% → 94.9% (+1.87%) 93.0% → 94.9% (+1.87%)
✨ New Files (1 files)
  • src/services/credentials/vertex-credential-env.ts: 100.0% lines

Coverage comparison generated by scripts/ci/compare-coverage.ts

@lpcox

lpcox commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

Copilot AI commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

@copilot address this failing ci check https://github.com/github/gh-aw-firewall/actions/runs/28675505924/job/85048023189?pr=5878

Fixed in 1647f92. I reproduced the failing Build Verification job locally and updated the API proxy unit tests to include the new Vertex provider (5 providers/endpoints, vertex fallback entry, port 10004, and null models_url expectation).

Copilot finished work on behalf of lpcox July 3, 2026 17:45
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

⚠️ Coverage Regression Detected

This PR decreases test coverage. Please add tests to maintain coverage levels.

Overall Coverage

Metric Base PR Delta
Lines 98.61% 98.63% 📈 +0.02%
Statements 98.53% 98.55% 📈 +0.02%
Functions 99.43% 99.44% ➡️ +0.01%
Branches 94.37% 94.34% 📉 -0.03%
📁 Per-file Coverage Changes (3 files)
File Lines (Before → After) Statements (Before → After)
src/api-proxy-config-validation.ts 100.0% → 96.0% (-4.00%) 100.0% → 96.0% (-4.00%)
src/api-proxy-config-domains.ts 100.0% → 100.0% (+0.00%) 98.8% → 98.9% (+0.05%)
src/workdir-setup.ts 93.0% → 94.9% (+1.87%) 93.0% → 94.9% (+1.87%)
✨ New Files (1 files)
  • src/services/credentials/vertex-credential-env.ts: 100.0% lines

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Copilot Smoke Test — PASS

Test Result
GitHub MCP connectivity
GitHub.com HTTP ✅ 200
File write/read

Overall: PASS@lpcox all checks passed.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Smoke Test: Claude Engine Validation

Check Result
API Status ✅ PASS
GH Check ✅ PASS
File Status ✅ PASS

Overall Result: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Smoke Claude for #5878 · 55.7 AIC · ⊞ 3.3K ·
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🔥 Smoke Test Results

Test Status
GitHub MCP connectivity
GitHub.com HTTP (200)
File write/read

Overall: PASS · Auth mode: PAT (COPILOT_GITHUB_TOKEN)

cc @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 PAT report filed by Smoke Copilot PAT
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Smoke Test: Services Connectivity

  • Redis PING: ❌ Network is unreachable
  • PostgreSQL pg_isready: ❌ No response
  • PostgreSQL SELECT 1: ❌ Network is unreachable

Overall: FAILhost.docker.internal is not reachable from this runner environment.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔌 Service connectivity validated by Smoke Services
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Smoke Test: Copilot BYOK (Direct) Mode ✅ PASS

  • GitHub MCP connectivity: ✅
  • GitHub.com HTTP connectivity: ✅
  • File I/O operations: ✅
  • BYOK inference (agent → api-proxy → api.githubcopilot.com): ✅

Running in direct BYOK mode via api-proxy sidecar. All systems operational.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK report filed by Smoke Copilot BYOK
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

$(sed s///g /tmp/gh-aw/agent/comment_body.txt)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🪪 BYOK (AOAI Entra) report filed by Smoke Copilot BYOK AOAI (Entra)
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Smoke test results:\n- fix: make test-coverage-reporter resilient to test failures ✅\n- fix: Copilot Business 'token' prefix not overridable by AWF_PLATFORM_TYPE ✅\n- Browser title contains GitHub ✅\n- File write/read ✅\n- Discussion comment ⚠️ blocked by missing discussions:write permission\n- Build ✅\nOverall: FAIL

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

  • awmgmcpg
  • registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Smoke Test Results: Gemini Engine

  • GitHub MCP Testing: ❌ (Tools unavailable)
  • GitHub.com Connectivity: ❌ (Network unreachable)
  • File Writing Testing: ✅
  • Bash Tool Testing: ✅

Overall Status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

PR Titles: ${{ steps.smoke-data.outputs.SMOKE_PR_DATA }}
✅ MCP testing (pre-fetched PR data validated)
✅ GitHub.com connectivity (200)
✅ File write/read (test_string)
✅ BYOK inference test
Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)

PASS

@lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK (AOAI api-key) report filed by Smoke Copilot BYOK AOAI (api-key)
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Smoke Test: API Proxy OpenTelemetry Tracing

Scenario Result Notes
1. Module Loading ✅ Pass otel.js loads cleanly; exports startRequestSpan, setTokenAttributes, setBudgetAttributes, endSpan, endSpanError, shutdown, isEnabled, plus test helpers; isEnabled() returns true (falls back to FileSpanExporter)
2. Test Suite ✅ Pass 59 tests, 2 suites, 0 failures (otel.test.js + otel-fanout.test.js) covering init, span creation, token attrs, parent context propagation, error handling, serialization, and all exporter types
3. Env Var Forwarding ✅ Pass src/services/api-proxy-env-config.ts forwards GH_AW_OTLP_ENDPOINTS, OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_HEADERS, GITHUB_AW_OTEL_TRACE_ID, GITHUB_AW_OTEL_PARENT_SPAN_ID, OTEL_SERVICE_NAME to the api-proxy container
4. Token Tracker Integration ✅ Pass token-tracker-http.js has onUsage callback (lines 283, 324) as the OTEL hook point; invokes token normalization and budget calculation before span attributes are set
5. OTEL Diagnostics ✅ Expected No live OTLP endpoint configured; spans fall back to FileSpanExporter/var/log/api-proxy/otel.jsonl; graceful degradation confirmed by tests

Overall: ✅ All scenarios pass (or behave as expected during development).

Warning

Firewall blocked 4 domains

The following domains were blocked by the firewall during workflow execution:

  • 127.0.0.1
  • api.example.com
  • api.openai.com
  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "127.0.0.1"
    - "api.example.com"
    - "api.openai.com"
    - "awmgmcpg"

See Network Configuration for more information.

📡 OTel tracing validated by Smoke OTel Tracing
Add label ready-for-aw to run again

@github-actions github-actions Bot mentioned this pull request Jul 3, 2026
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color 1/1 passed ✅ PASS
Go env 1/1 passed ✅ PASS
Go uuid 1/1 passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx all passed ✅ PASS
Node.js execa all passed ✅ PASS
Node.js p-limit all passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Note: Java (gson, caffeine) initially failed with LocalRepositoryNotAccessibleException because ~/.m2 was owned by root. Resolved by pointing Maven to a writable local repository at /tmp/gh-aw/agent/m2-repo.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Build Test Suite for #5878 · 42.6 AIC · ⊞ 6.9K ·
Add label ready-for-aw to run again

@lpcox lpcox merged commit 0db8d6f into main Jul 3, 2026
87 of 90 checks passed
@lpcox lpcox deleted the copilot/add-vertex-ai-credential-provider branch July 3, 2026 18:35
github-actions Bot added a commit that referenced this pull request Jul 3, 2026
PR #5878 (feat: add Vertex AI provider to api-proxy) introduced three new
routing fields — vertexApiTarget, vertexApiBasePath — and the googleApiKey
credential, but did not propagate the routing fields to all required config
layers.

Gaps fixed:
- src/awf-config-schema.json: add targets.vertex providerTarget entry
- docs/awf-config.schema.json: keep identical to src schema (synced)
- src/config-file.ts: add vertex?: { host, basePath } to AwfFileConfig.apiProxy.targets
- src/config-mapper.ts: map targets.vertex.host → vertexApiTarget and
  targets.vertex.basePath → vertexApiBasePath
- docs/awf-config-spec.md: add CLI mapping rows for vertex.host and vertex.basePath

Note: googleApiKey is security-sensitive and is correctly passed only via
environment variable (GOOGLE_API_KEY), not via stdin config, so no change
to config-file.ts for that field.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
github-actions Bot added a commit that referenced this pull request Jul 7, 2026
PR #5878 added Google Vertex AI provider (port 10004) to the api-proxy
but missed updating docs/awf-config-spec.md.

Gaps fixed:
- §9.1 Source Credentials table: add GOOGLE_API_KEY → Google Vertex AI
- §9.2.4 Proxy-routing variables table: add GOOGLE_VERTEX_BASE_URL → port 10004
- §9.2.5 Port assignments paragraph: add 10004 (Vertex AI)
- §10.6 and introspection sections (§11.3, §11a.3, §11b.3): update
  port range 10000–10003 → 10000–10004

No schema changes needed (src/awf-config-schema.json already has
apiProxy.targets.vertex and is identical to docs/awf-config.schema.json).
TypeScript types and env-var wiring were correct in the original PR.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
lpcox pushed a commit that referenced this pull request Jul 8, 2026
PR #5878 added Google Vertex AI provider (port 10004) to the api-proxy
but missed updating docs/awf-config-spec.md.

Gaps fixed:
- §9.1 Source Credentials table: add GOOGLE_API_KEY → Google Vertex AI
- §9.2.4 Proxy-routing variables table: add GOOGLE_VERTEX_BASE_URL → port 10004
- §9.2.5 Port assignments paragraph: add 10004 (Vertex AI)
- §10.6 and introspection sections (§11.3, §11a.3, §11b.3): update
  port range 10000–10003 → 10000–10004

No schema changes needed (src/awf-config-schema.json already has
apiProxy.targets.vertex and is identical to docs/awf-config.schema.json).
TypeScript types and env-var wiring were correct in the original PR.

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

No Vertex AI provider in api-proxy credential isolation

3 participants