Skip to content

Refactor provider unconfigured-response handling into adapter-factory metadata#5945

Merged
lpcox merged 2 commits into
mainfrom
copilot/fix-duplicate-provider-responses
Jul 6, 2026
Merged

Refactor provider unconfigured-response handling into adapter-factory metadata#5945
lpcox merged 2 commits into
mainfrom
copilot/fix-duplicate-provider-responses

Conversation

Copilot AI commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

OpenAI, Anthropic, and Copilot each hand-built request-time “unconfigured” responses with overlapping logic and slightly divergent semantics. This change centralizes that behavior in adapter-factory so providers declare response metadata instead of duplicating response builders.

  • Adapter factory: declarative request-time response generation

    • Added request-time metadata support to buildProviderAdapter():
      • missingCredentialResponse
      • unconfiguredResponseWhen
    • Added shared buildUnconfiguredResponse() to produce either:
      • plain { error: string } payloads, or
      • structured provider_not_configured payloads (via makeProviderNotConfiguredResponse).
    • Preserves explicit status behavior (e.g., OpenAI’s 404 missing-credential default vs 503 OIDC-unavailable override).
  • Provider adapters: remove duplicated getUnconfiguredResponse() implementations

    • openai.js, anthropic.js, copilot.js now declare request-time response behavior through adapter metadata.
    • Existing provider-specific semantics/messages remain intact; only construction is centralized.
  • Factory-level coverage for new behavior

    • Extended adapter-factory.test.js to cover:
      • auto-generation from missingCredentialResponse,
      • dynamic override via unconfiguredResponseWhen,
      • validation error for partially specified declarative request metadata.
return buildProviderAdapter({
  name: 'openai',
  port: 10000,
  // ...
  missingCredentialResponse: {
    kind: 'plain_error',
    statusCode: 404,
    message: 'OpenAI proxy not configured (no OPENAI_API_KEY/COPILOT_PROVIDER_API_KEY or OIDC auth)',
  },
  unconfiguredResponseWhen: () => oidcConfigured
    ? { kind: 'plain_error', statusCode: 503, message: 'OpenAI OIDC token unavailable; retry shortly' }
    : null,
});

Copilot AI changed the title [WIP] Fix duplicate code in provider unconfigured responses Refactor provider unconfigured-response handling into adapter-factory metadata Jul 6, 2026
Copilot finished work on behalf of lpcox July 6, 2026 13:02
Copilot AI requested a review from lpcox July 6, 2026 13:02
@lpcox lpcox marked this pull request as ready for review July 6, 2026 13:05
Copilot AI review requested due to automatic review settings July 6, 2026 13:05

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refactors “provider not configured” (unconfigured) response handling in the API-proxy sidecar by centralizing request-time response construction in containers/api-proxy/adapter-factory.js. Providers (OpenAI, Anthropic, Copilot) now declare declarative response metadata instead of implementing bespoke getUnconfiguredResponse() functions.

Changes:

  • Added declarative request-time response metadata (missingCredentialResponse, unconfiguredResponseWhen) to buildProviderAdapter() and centralized response construction via buildUnconfiguredResponse().
  • Updated OpenAI, Anthropic, and Copilot providers to remove duplicated getUnconfiguredResponse() implementations and provide metadata instead.
  • Extended adapter-factory.test.js to cover auto-generation, override behavior, and validation errors for partial metadata.
Show a summary per file
File Description
containers/api-proxy/providers/openai.js Replaces hand-built unconfigured response function with declarative metadata (preserving 404 vs 503 semantics).
containers/api-proxy/providers/anthropic.js Moves request-time unconfigured response logic to adapter metadata while keeping OIDC “unavailable” behavior.
containers/api-proxy/providers/copilot.js Converts unconfigured response generation to metadata, preserving structured provider_not_configured responses.
containers/api-proxy/adapter-factory.js Adds centralized buildUnconfiguredResponse() and metadata-driven generation/validation in buildProviderAdapter().
containers/api-proxy/adapter-factory.test.js Adds factory-level tests for new declarative request-time response behavior.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 5/5 changed files
  • Comments generated: 0
  • Review effort level: Low

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

⚠️ Coverage Regression Detected

This PR decreases test coverage. Please add tests to maintain coverage levels.

Overall Coverage

Metric Base PR Delta
Lines 98.81% 98.81% ➡️ +0.00%
Statements 98.73% 98.73% ➡️ +0.00%
Functions 99.58% 99.58% ➡️ +0.00%
Branches 95.14% 95.10% 📉 -0.04%

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Smoke Gemini completed. All facets verified. 💎

Attempting to list PRs via MCP

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Contribution Check completed successfully!

PR #5945 follows the applicable CONTRIBUTING.md guidelines based on the prefetched metadata, diff, and contribution guide; no comment needed.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🔌 Smoke Services — All services reachable! ✅

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Chroot tests failed Smoke Chroot failed - See logs for details.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Build Test Suite completed successfully!

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Security Guard failed. Please review the logs for details.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Smoke Claude passed

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Smoke Test: Copilot BYOK (Direct) Mode

✅ GitHub MCP connectivity
✅ File write/read test
✅ BYOK inference (api-proxy → api.githubcopilot.com)

Status: PASS — Running in direct BYOK mode via COPILOT_PROVIDER_API_KEY

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK report filed by Smoke Copilot BYOK
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

@lpcox Smoke test results:

  • GitHub MCP connectivity: ✅ pre-fetched data validated
  • GitHub.com connectivity: ✅
  • File I/O test: ✅
  • BYOK inference test: ✅

Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)
Overall: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK (AOAI api-key) report filed by Smoke Copilot BYOK AOAI (api-key)
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Smoke Test: Services Connectivity

  • Redis PING: ❌ (Network is unreachable)
  • PostgreSQL pg_isready: ❌ (no response)
  • PostgreSQL SELECT 1: ❌ (Network is unreachable)

Overall: FAILhost.docker.internal (172.17.0.1) is not reachable from this runner. Service containers may not be running or the network bridge is unavailable.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔌 Service connectivity validated by Smoke Services
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Gemini Smoke Test Results

  • GitHub MCP Testing: ⌛ (Pending)
  • GitHub.com Connectivity: ❌ (Exit Code 7)
  • File Writing Testing: ✅
  • Bash Tool Testing: ✅

Overall status: FAIL (Pending MCP test)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Smoke Test Results

Test Status
GitHub MCP Connectivity ✅ PASS
GitHub.com HTTP ✅ PASS (200)
File Write/Read ⚠️ N/A (pre-step vars unexpanded)

Overall: PASS

Author: @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Smoke Test: Claude Engine Validation

Check Result
API Status ✅ PASS
GH Check ✅ PASS
File Status ✅ PASS

Overall Result: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Smoke Claude for #5945 · 35.6 AIC · ⊞ 3.3K ·
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Smoke Test: Copilot PAT Auth — PASS ✅

Test Result
GitHub MCP connectivity
GitHub.com HTTP ✅ 200
File write/read

Overall: PASS | Auth mode: PAT (COPILOT_GITHUB_TOKEN)
Author: @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 PAT report filed by Smoke Copilot PAT
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Merged PRs:

  • chore: upgrade gh-aw to v0.82.2 pre-release and recompile workflows
  • Upgrade gh-aw to v0.82.2 pre-release and recompile workflows
    Results: ✅ PR query | ✅ Playwright | ✅ File write/read | ✅ Build
    Overall: PASS

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

  • awmgmcpg
  • registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🔬 Smoke Test: API Proxy OpenTelemetry Tracing

Scenario Status Notes
1. Module Loading otel.js loads cleanly; exports 14 symbols (startRequestSpan, setTokenAttributes, setBudgetAttributes, endSpan, endSpanError, shutdown, isEnabled, ...)
2. Test Suite 39/39 tests passed, 0 failed (otel.test.js; covers ProxyAwareOtlpExporter, FileSpanExporter, shutdown)
3. Env Var Forwarding src/services/api-proxy-env-config.ts forwards GH_AW_OTLP_ENDPOINTS, OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_HEADERS, GITHUB_AW_OTEL_TRACE_ID, GITHUB_AW_OTEL_PARENT_SPAN_ID, OTEL_SERVICE_NAME
4. Token Tracker Integration onUsage callback present in token-tracker-http.js (line 283); invoked post-usage-extraction as the OTEL hook point
5. OTEL Diagnostics No OTLP endpoint configured → graceful fallback to FileSpanExporter (/var/log/api-proxy/otel.jsonl); isEnabled() returns true

Result: All 5 scenarios pass. OTEL tracing integration is functional.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📡 OTel tracing validated by Smoke OTel Tracing
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

cc @lpcox
Smoke Test Results:

  • GitHub MCP tool: ✅
  • GitHub.com Connectivity: ✅
  • File Write/Read Test: ✅
  • BYOK Inference: ✅
    Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)
    Overall: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🪪 BYOK (AOAI Entra) report filed by Smoke Copilot BYOK AOAI (Entra)
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color ok ✅ PASS
Go env ok ✅ PASS
Go uuid ok ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx All passed ✅ PASS
Node.js execa All passed ✅ PASS
Node.js p-limit All passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Note: Java Maven required a workaround for local repository permissions (~/.m2 owned by root); resolved by using a writable custom local repo path (-Dmaven.repo.local).

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Build Test Suite for #5945 · 36.2 AIC · ⊞ 6.9K ·
Add label ready-for-aw to run again

@lpcox lpcox merged commit 1824bc9 into main Jul 6, 2026
85 of 91 checks passed
@lpcox lpcox deleted the copilot/fix-duplicate-provider-responses branch July 6, 2026 14:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Duplicate Code] Provider unconfigured responses repeat API proxy status logic

3 participants