feat: add Google Gemini API proxy support (port 10003)

[lpcox]

Problem

Gemini CLI v0.65.0+ performs a startup auth check that exits with code 41 when GEMINI_API_BASE_URL is set but no GEMINI_API_KEY is found. In AWF mode, the real key should be held by the api-proxy sidecar (not exposed to the agent container), but no Gemini proxy endpoint exists — forcing gh-aw to work around the issue by injecting placeholder keys and mkdir commands into the container command string.

Additionally, ~/.gemini/ is not in AWF's whitelisted home subdirectories, causing an ENOENT when Gemini CLI attempts to save its project registry.

Upstream: github/gh-aw#23695 (gh-aw workaround for this gap)

Solution

Add full Gemini API proxy support following the same pattern as OpenAI, Anthropic, and Copilot providers:

API Proxy Sidecar (containers/api-proxy/)

• Port 10003 — New Gemini proxy server in server.js
• Reads GEMINI_API_KEY from env and injects it as x-goog-api-key header (Google API standard)
• Supports configurable target (GEMINI_API_TARGET, default: generativelanguage.googleapis.com) and base path prefix (GEMINI_API_BASE_PATH)
• Health check, rate limiting, and WebSocket upgrade support
• Added to health response, startup log, and Dockerfile EXPOSE

CLI (src/cli.ts)

• --gemini-api-target <host> and --gemini-api-base-path <path> flags
• GEMINI_API_KEY read from env and passed to config
• Gemini target auto-added to domain allowlist
• Target validation warning via emitApiProxyTargetWarnings()

Docker Manager (src/docker-manager.ts)

• GEMINI_API_KEY excluded from agent env when api-proxy enabled
• GEMINI_API_KEY, GEMINI_API_TARGET, GEMINI_API_BASE_PATH passed to sidecar container
• GEMINI_API_BASE_URL set in agent container pointing to sidecar (http://172.30.0.30:10003)
• Placeholder GEMINI_API_KEY set in agent so Gemini CLI's startup auth check passes
• .gemini added to whitelisted home subdirectories (bind mount + chroot dir creation)

Types (src/types.ts)

• GEMINI: 10003 added to API_PROXY_PORTS
• geminiApiKey, geminiApiTarget, geminiApiBasePath added to WrapperConfig

How it works

Gemini CLI (agent container)
  → GEMINI_API_BASE_URL=http://172.30.0.30:10003
  → Sends request with placeholder key
  → API proxy sidecar strips placeholder, injects real GEMINI_API_KEY
  → Routes through Squid (domain allowlist enforced)
  → generativelanguage.googleapis.com

Once this lands, the mkdir + placeholder workaround in gh-aw#23695 can be simplified — AWF will handle both the ~/.gemini/ directory and the credential isolation natively.

Testing

• Build: ✅
• Lint: ✅ (0 errors)
• Unit tests: ✅ (322 CLI tests, 192 api-proxy tests pass)
• Test update: Updated chroot home dir test to include .gemini

[github-actions]

⚠️ Coverage Regression Detected

This PR decreases test coverage. Please add tests to maintain coverage levels.

Overall Coverage

Metric	Base	PR	Delta
Lines	85.81%	85.64%	📉 -0.17%
Statements	85.69%	85.53%	📉 -0.16%
Functions	86.71%	86.71%	➡️ +0.00%
Branches	78.50%	78.02%	📉 -0.48%

📁 Per-file Coverage Changes (2 files)

File	Lines (Before → After)	Statements (Before → After)
src/docker-manager.ts	86.1% → 85.6% (-0.46%)	85.6% → 85.2% (-0.44%)
src/cli.ts	60.6% → 60.6% (+0.02%)	61.1% → 61.1% (+0.02%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[github-actions]

Chroot Version Comparison Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌ NO
Node.js	v24.14.0	v20.20.1	❌ NO
Go	go1.22.12	go1.22.12	✅ YES

Overall: ❌ Not all tests passed — Python and Node.js versions differ between host and chroot environments.

Tested by Smoke Chroot for issue #1640

[Copilot]

Pull request overview

Adds Google Gemini support to the existing API-proxy sidecar pattern so Gemini CLI can run in AWF mode without exposing the real API key to the agent container, while also ensuring Gemini CLI state (~/.gemini) is persisted in chroot mode.

Changes:

• Introduces a new Gemini proxy listener on port 10003 in the api-proxy sidecar, with support for custom target host/base-path and x-goog-api-key injection.
• Extends CLI/config/types to support geminiApiKey, geminiApiTarget, and geminiApiBasePath and wires them into Docker Compose generation.
• Adds ~/.gemini to the chroot home subdirectory allowlist and updates the corresponding test.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/types.ts	Adds Gemini proxy port constant and new wrapper config fields for Gemini proxy settings.
src/docker-manager.ts	Wires Gemini env handling between agent and sidecar; mounts ~/.gemini; creates chroot dir.
src/docker-manager.test.ts	Updates expected chroot home subdirectories to include .gemini.
src/cli.ts	Adds Gemini API target/base-path flags and reads GEMINI_API_KEY into config; adds target warning/allowlist support.
containers/api-proxy/server.js	Adds Gemini proxy server on 10003 with key injection, health endpoint, and rate limiting.
containers/api-proxy/Dockerfile	Exposes port 10003 in the sidecar image.

Comments suppressed due to low confidence (1)

src/cli.ts:1783

• validateApiProxyConfig() / API-proxy status logging elsewhere in this file still only consider OpenAI/Anthropic/Copilot. With geminiApiKey now supported, running with only GEMINI_API_KEY will emit a misleading "no API keys found" warning and omit Gemini from the status output. Update the validation + status log to include Gemini.

      copilotGithubToken: process.env.COPILOT_GITHUB_TOKEN,
      geminiApiKey: process.env.GEMINI_API_KEY,
      copilotApiTarget: options.copilotApiTarget || process.env.COPILOT_API_TARGET,
      openaiApiTarget: options.openaiApiTarget || process.env.OPENAI_API_TARGET,
      openaiApiBasePath: options.openaiApiBasePath || process.env.OPENAI_API_BASE_PATH,

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

geminiApiKey is now being added to the runtime config object, but the later redaction logic only excludes openaiApiKey, anthropicApiKey, and copilotGithubToken. This will cause GEMINI_API_KEY to be logged in debug output via redactedConfig (secret disclosure). Add geminiApiKey to the redaction skip list (and any other secret-handling paths).

This issue also appears on line 1779 of the same file.

[Copilot]

Gemini auth is injected via x-goog-api-key, but the proxy’s auth-safety/logging paths are still oriented around authorization/x-api-key. Consider adding x-goog-api-key to the stripped header set and including it in the auth_inject debug logic so client-supplied Gemini keys are consistently removed/overwritten and injection can be observed in logs.

[github-actions]

⚠️ Coverage Regression Detected

This PR decreases test coverage. Please add tests to maintain coverage levels.

Overall Coverage

Metric	Base	PR	Delta
Lines	85.81%	86.20%	📈 +0.39%
Statements	85.69%	86.07%	📈 +0.38%
Functions	86.71%	87.41%	📈 +0.70%
Branches	78.50%	78.46%	📉 -0.04%

📁 Per-file Coverage Changes (2 files)

File	Lines (Before → After)	Statements (Before → After)
src/cli.ts	60.6% → 61.3% (+0.78%)	61.1% → 61.8% (+0.77%)
src/docker-manager.ts	86.1% → 87.0% (+0.89%)	85.6% → 86.5% (+0.88%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[github-actions]

Smoke Test Results

✅ GitHub MCP: test: add tests for Gemini API proxy support to fix coverage regression (#1654), fix: increase smoke-claude max-turns and fix playwright log dir permissions (#1653)
✅ Playwright: github.com title contains "GitHub"
✅ File Write: /tmp/gh-aw/agent/smoke-test-claude-23966647833.txt created
✅ Bash: File verified via cat

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

Chroot Version Comparison Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌ NO
Node.js	v24.14.1	v20.20.2	❌ NO
Go	go1.22.12	go1.22.12	✅ YES

Overall: ❌ NOT all tests passed — Python and Node.js versions differ between host and chroot environments.

Tested by Smoke Chroot for issue #1640

[github-actions]

Smoke Test: GitHub Actions Services Connectivity ✅

All checks passed:

Check	Result
Redis PING → host.docker.internal:6379	✅ PONG
pg_isready → host.docker.internal:5432	✅ accepting connections
psql SELECT 1 → smoketest db as postgres	✅ returned 1

🔌 Service connectivity validated by Smoke Services

[github-actions]

🔥 Smoke Test Results

Test	Status
GitHub MCP (list PRs)	✅
GitHub.com HTTP	❌ step output unavailable
File write/read	❌ step output unavailable

PR: feat: add Google Gemini API proxy support (port 10003) — @lpcox
Overall: FAIL — Pre-step outputs (smoke-data) were not substituted into the agent prompt (known gh-aw activation/agent job limitation).

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	1/1 passed	✅ PASS
Go	env	✅	1/1 passed	✅ PASS
Go	uuid	✅	1/1 passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	All passed	✅ PASS
Node.js	execa	✅	All passed	✅ PASS
Node.js	p-limit	✅	All passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #1640 · ◷

[github-actions]

Smoke Test Results

PR titles: "test: add tests for Gemini API proxy support to fix coverage regression"; "perf: optimize security-guard token usage"

1. GitHub MCP last 2 merged PRs: ✅
2. safeinputs-gh PR query: ❌ (tool unavailable)
3. Playwright title contains GitHub: ✅
4. Tavily search returns at least 1 result: ❌ (tool unavailable)
5. File write /tmp/gh-aw/agent/smoke-test-codex-23966647853.txt: ✅
6. Bash cat file verification: ✅
7. Discussion lookup + mystical discussion comment: ❌ (tool unavailable)
8. npm ci && npm run build: ✅
   Overall status: FAIL

🔮 The oracle has spoken through Smoke Codex