Remove deprecated OpenCode (10004) and align API proxy port/docs surface

[Copilot]

This PR removes deprecated OpenCode support (port 10004) across runtime/config/schema/workflow surfaces and resolves port-allocation doc drift found in the audit. It also fixes provider contribution guidance to prevent future hardcoded-port inconsistencies.

• OpenCode deprecation removal (runtime + config surface)

  • Removed OpenCode adapter implementation and registry wiring (containers/api-proxy/providers/opencode.js, providers/index.js).
  • Removed OpenCode port exposure from container/runtime constants and option/config plumbing:
    • src/types/ports.ts (OPENCODE removed)
    • src/types/api-proxy-options.ts (enableOpenCode removed)
    • src/cli-options.ts (--enable-opencode removed)
    • src/services/api-proxy-service.ts (AWF_ENABLE_OPENCODE emission removed)
    • src/commands/build-config.ts, src/config-file.ts, src/option-parsers.ts, src/parsers/rate-limit-parsers.ts, src/commands/validators/config-assembly.ts updated accordingly.
  • Removed OpenCode smoke workflows:
    • .github/workflows/smoke-opencode.md
    • .github/workflows/smoke-opencode.lock.yml

• Schema and spec synchronization

  • Removed apiProxy.enableOpenCode from generated/checked schemas:
    • src/awf-config-schema.json
    • docs/awf-config.schema.json
    • generator source scripts/generate-schema.mjs
  • Updated config/spec docs to reflect provider ports now ending at 10003.

• Documentation consistency fixes from audit

  • containers/api-proxy/README.md:
    • Added missing ports 10002 (Copilot) and 10003 (Gemini).
    • Added missing env vars for Copilot (COPILOT_GITHUB_TOKEN / COPILOT_API_KEY) and Gemini (GOOGLE_API_KEY / GEMINI_API_KEY).
  • Updated OpenCode/10004 references in:
    • docs/api-proxy-sidecar.md
    • docs/awf-config-spec.md
    • docs/authentication-architecture.md
    • docs/usage.md
    • docs/gh-cli-proxy-design.md
    • docs-site/src/content/docs/reference/cli-reference.md
    • CLAUDE.md

• Contributor guidance hardening

  • containers/api-proxy/providers/ADDING-A-PROVIDER.md:
    • Replaced hardcoded 10005 with <NEW_PORT> in EXPOSE example.
    • Added checklist entries to update src/types/ports.ts and src/host-iptables-rules.ts.
    • Removed now-obsolete OpenCode routing instructions.

- EXPOSE 10000 10001 10002 10003 10004 10005
+ EXPOSE 10000 10001 10002 10003 <NEW_PORT>

[github-actions]

Documentation Preview

Documentation build failed for this PR. View logs.

Built from commit b7ec1b4

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	96.36%	96.43%	📈 +0.07%
Statements	96.21%	96.27%	📈 +0.06%
Functions	97.96%	97.95%	➡️ -0.01%
Branches	90.35%	90.43%	📈 +0.08%

📁 Per-file Coverage Changes (3 files)

File	Lines (Before → After)	Statements (Before → After)
src/commands/validators/config-assembly.ts	97.7% → 97.6% (-0.11%)	96.7% → 96.5% (-0.15%)
src/option-parsers.ts	98.8% → 98.8% (-0.01%)	98.9% → 98.8% (-0.01%)
src/config-writer.ts	83.0% → 85.6% (+2.54%)	83.0% → 85.6% (+2.54%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Copilot]

Pull request overview

This PR removes the deprecated OpenCode API proxy endpoint (port 10004) and its configuration/CLI surface, while synchronizing schemas, tests, workflows, and documentation to reflect the API proxy provider ports ending at 10003 (OpenAI/Anthropic/Copilot/Gemini).

Changes:

• Removed OpenCode port/flag/config plumbing (OPENCODE / enableOpenCode / --enable-opencode / AWF_ENABLE_OPENCODE) and updated validations/tests accordingly.
• Removed the OpenCode provider adapter and updated api-proxy adapter registry + api-proxy test expectations to a 4-provider world.
• Updated docs/specs/workflows to eliminate 10004 references and correct port allocation guidance for contributors.

Show a summary per file

File	Description
src/types/ports.ts	Removes OPENCODE: 10004 and updates port-range docs.
src/types/api-proxy-options.ts	Updates API proxy options documentation to 4 endpoints; removes enableOpenCode option.
src/squid-config.test.ts	Updates Safe_ports test coverage to exclude 10004.
src/services/api-proxy-service.ts	Stops emitting AWF_ENABLE_OPENCODE.
src/services/api-proxy-service-rate-limit.test.ts	Removes tests asserting AWF_ENABLE_OPENCODE behavior.
src/schema.test.ts	Removes apiProxy.enableOpenCode from schema fixture expectations.
src/parsers/rate-limit-parsers.ts	Removes --enable-opencode flag validation helper.
src/option-parsers.ts	Removes re-export of validateEnableOpenCodeFlag.
src/option-parsers-reexports.test.ts	Updates re-export tests to remove OpenCode validation symbol.
src/option-parsers-misc.test.ts	Removes unit tests for OpenCode flag validation.
src/host-iptables-rules.ts	Updates comment to reflect ports from API_PROXY_PORTS (no OpenCode).
src/config-file.ts	Removes apiProxy.enableOpenCode mapping from file config → CLI options.
src/config-file.test.ts	Removes config validation and mapping tests for enableOpenCode.
src/commands/validators/config-assembly.ts	Removes OpenCode feature-flag compatibility validation.
src/commands/validators/config-assembly.test.ts	Updates mocks/tests to remove OpenCode validation and config fields.
src/commands/validate-options.test.ts	Removes OpenCode-related validation expectations.
src/commands/build-config.ts	Removes enableOpenCode from assembled WrapperConfig.
src/commands/build-config.test.ts	Updates build-config tests to remove OpenCode input fields.
src/cli-options.ts	Removes --enable-opencode CLI flag definition.
src/awf-config-schema.json	Removes apiProxy.enableOpenCode from generated config schema.
scripts/generate-schema.mjs	Removes schema generation for enableOpenCode.
docs/usage.md	Removes --enable-opencode from CLI usage docs.
docs/gh-cli-proxy-design.md	Updates documented api-proxy port range to 10000-10003.
docs/awf-config.schema.json	Removes apiProxy.enableOpenCode from published docs schema.
docs/awf-config-spec.md	Removes config↔CLI mapping and all 10004/OpenCode references from spec text.
docs/authentication-architecture.md	Removes OpenCode port references and updates port range note.
docs/api-proxy-sidecar.md	Removes OpenCode port and reflect example entry; updates injection table text.
docs-site/src/content/docs/reference/cli-reference.md	Updates sidecar port table to include Gemini at 10003 (but needs env var table update).
containers/api-proxy/token-tracker-http.js	Updates provider list documentation to remove opencode mention.
containers/api-proxy/server.routing.test.js	Removes OpenCode routing/adapter tests; updates adapter-method test data.
containers/api-proxy/server.proxy.test.js	Removes OpenCode→Copilot x-initiator tests.
containers/api-proxy/server.network.test.js	Updates /reflect expectations from 5 endpoints to 4.
containers/api-proxy/server.models.test.js	Updates models.json expectations from 5 providers to 4.
containers/api-proxy/server.lifecycle.test.js	Removes OpenCode alwaysBind/unconfigured-response tests and imports.
containers/api-proxy/README.md	Adds Copilot/Gemini ports + env vars (but currently documents unsupported GOOGLE_API_KEY).
containers/api-proxy/providers/opencode.js	Deletes the OpenCode provider adapter implementation.
containers/api-proxy/providers/index.js	Removes OpenCode adapter wiring; returns only 4 adapters.
containers/api-proxy/providers/ADDING-A-PROVIDER.md	Removes OpenCode routing guidance; replaces hardcoded EXPOSE ports with <NEW_PORT> and adds checklists.
containers/api-proxy/Dockerfile	Stops exposing port 10004.
containers/api-proxy/body-transform.js	Updates provider-type docs to remove opencode.
CLAUDE.md	Updates repo architecture docs to remove OpenCode port references.
.github/workflows/smoke-opencode.md	Removes deprecated OpenCode smoke workflow definition.
.github/workflows/smoke-opencode.lock.yml	Removes compiled lock workflow for the OpenCode smoke test.
.github/workflows/duplicate-code-detector.md	Removes opencode provider file from provider similarity scan list.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 44/44 changed files
• Comments generated: 3

[lpcox]

@copilot resolve branch conflicts and address review feedback

[Copilot]

@copilot resolve branch conflicts and address review feedback

Done. I resolved the branch conflict by merging origin/main and addressed the review feedback in commit 31c6adc:

• updated API proxy README health-endpoint wording
• corrected Gemini credential docs to GEMINI_API_KEY
• added GEMINI_API_KEY to the CLI reference env var table
• kept upstream merge updates (injectStreamOptions request-path handling + tests) while preserving OpenCode removal.

[lpcox]

@copilot resolve the merge conflicts in this pull request

[Copilot]

@copilot resolve the merge conflicts in this pull request

Resolved. I merged the latest origin/main and fixed the resulting conflict in commit 85b51bb, then added follow-up test alignment for removed OpenCode config in fe803fa.

[github-actions]

Smoke Test: Copilot BYOK (Offline) — FAIL

• ✅ GitHub MCP: Retrieved PR Reduce Documentation Maintainer workflow prompt/tool overhead #3704 — "Reduce Documentation Maintainer workflow prompt/tool overhead"
• ❌ File test: /tmp/smoke-test-file.txt not found (pre-step issue)
• ✅ BYOK inference: Running in offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com
• ⚠️ GitHub.com connectivity: HTTP status not provided in template variables

Overall: FAIL (file test failed)

PR #3698: Remove deprecated OpenCode (10004) and align API proxy port/docs surface
Author: @Copilot | Assignees: @lpcox, @Copilot

🔑 BYOK report filed by Smoke Copilot BYOK

[github-actions]

✅ Smoke Test Results

• ✅ GitHub API: 2 PR entries confirmed in recent-prs.json
• ✅ GitHub check: playwright_check verified as PASS
• ✅ File verify: smoke-test-claude-26381948217.txt exists

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

Smoke Test Results

MCP & Engine Validation

• ✅ GitHub MCP: Retrieved PR Reduce Documentation Maintainer workflow prompt/tool overhead #3704
• ❌ File I/O: Test file missing
• ⚠️ HTTP check: Pre-step data unavailable

Status: PARTIAL (1/3 verified)

cc @Copilot @lpcox

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

🔍 Smoke Test: API Proxy OTEL Tracing — Results

✅ Scenario 1: Module Loading

Status: PASS
otel.js loaded successfully with all expected exports:

• startRequestSpan, endSpan, endSpanError, setTokenAttributes
• isEnabled, shutdown
• Internal exports for testing: _provider, _buildResourceSpans, _parseOtlpHeaders, _ProxyAwareOtlpExporter, _FileSpanExporter

✅ Scenario 2: Test Suite

Status: PASS
32/32 tests passed in otel.test.js (1.657s)

• ✅ OTLP header parsing (3 tests)
• ✅ Request span creation with attributes (4 tests)
• ✅ Token usage attributes & GenAI semantic conventions (3 tests)
• ✅ Span lifecycle (OK/ERROR status codes) (6 tests)
• ✅ Span serialization to OTLP/JSON format (1 test)
• ✅ ProxyAwareOtlpExporter (endpoint normalization, proxy config, error handling) (8 tests)
• ✅ FileSpanExporter (local NDJSON fallback) (2 tests)
• ✅ Graceful shutdown (1 test)

✅ Scenario 3: Env Var Forwarding

Status: PASS
src/services/api-proxy-service.ts:128-140 forwards all OTEL env vars to api-proxy container:

• OTEL_EXPORTER_OTLP_ENDPOINT (conditional)
• OTEL_EXPORTER_OTLP_HEADERS (conditional)
• OTEL_SERVICE_NAME (default: awf-api-proxy)
• GITHUB_AW_OTEL_TRACE_ID (parent trace context)
• GITHUB_AW_OTEL_PARENT_SPAN_ID (parent span context)

✅ Scenario 4: Token Tracker Integration

Status: PASS
token-tracker-http.js:62,66,237-239 implements onUsage callback hook:

• Signature: (normalizedUsage: object, model: string|null) => void
• Invoked after token usage extraction with normalized data
• Ready for OTEL span decoration via setTokenAttributes()

i️ Scenario 5: OTEL Diagnostics

Status: N/A (no OTLP endpoint configured in test)
OTLP export validation requires live collector endpoint. Test suite uses InMemorySpanExporter for isolation. Production spans export via:

• Network mode: OTLP/HTTP through Squid proxy when OTEL_EXPORTER_OTLP_ENDPOINT is set
• Local fallback: NDJSON to /var/log/api-proxy/otel.jsonl when endpoint is absent

---

Summary: All testable scenarios passed. OTEL integration is production-ready for distributed tracing with GenAI semantic conventions and parent context propagation.

📡 OTel tracing validated by Smoke OTel Tracing

[github-actions]

Smoke test results: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini

[github-actions]

Smoke Codex: FAIL
✅ Merged PRs: Reduce Documentation Maintainer workflow prompt/tool overhead; Split api-proxy-config tests by validation concern
❌ SafeInputs GH PR query: safeinputs-gh unavailable
✅ Playwright title contains GitHub
❌ Tavily search: no callable search tool exposed
✅ File/bash check passed
✅ Discussion 3725 comment posted
✅ Build passed: npm ci && npm run build
Overall status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

[github-actions]

Smoke Test: Services Connectivity

❌ Redis: Connection timeout (no PONG)
❌ PostgreSQL pg_isready: Connection timeout (no response)
❌ PostgreSQL SELECT: Not tested (pg_isready failed)

Overall: FAIL — Cannot reach service containers at host.docker.internal

🔌 Service connectivity validated by Smoke Services

[github-actions]

Chroot Runtime Version Comparison

Test results from comparing host and chroot runtime versions:

Runtime	Host Version	Chroot Version	Match?
Python	3.12.13	3.12.3	❌ NO
Node.js	v24.15.0	v22.22.3	❌ NO
Go	go1.22.12	go1.22.12	✅ YES

Overall Result: Tests FAILED - Not all runtime versions match between host and chroot environment.

Analysis

• Go: ✅ Versions match exactly (go1.22.12)
• Python: ❌ Minor version mismatch (3.12.13 vs 3.12.3)
• Node.js: ❌ Major version mismatch (v24.15.0 vs v22.22.3)

The version mismatches indicate that the chroot environment is not perfectly mirroring the host runtime versions, which could lead to inconsistent behavior.

Tested by Smoke Chroot

[github-actions]

🏗️ Build Test Suite Results

All 8 ecosystems tested successfully!

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	1/1 passed	✅ PASS
Go	env	✅	1/1 passed	✅ PASS
Go	uuid	✅	1/1 passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	1/1 passed	✅ PASS
Node.js	execa	✅	1/1 passed	✅ PASS
Node.js	p-limit	✅	1/1 passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

---

Summary:

• ✅ All repository clones successful
• ✅ All builds/installations successful
• ✅ All tests passed (12/12 test suites)
• ✅ Zero failures across all ecosystems

Generated by Build Test Suite for issue #3698 · ● 18M · ◷