Problem
The AWF API proxy sidecar (`containers/api-proxy/`) does not have a Gemini handler. When the `gemini` engine is used, the AWF infrastructure sets `GEMINI_API_BASE_URL=(172.30.0.30/redacted)` (or `(host.docker.internal/redacted)`), pointing at the proxy, but the proxy logs:

```text
[INFO] API proxy enabled: OpenAI=false, Anthropic=false, Copilot=false
[WARN] ⚠️ API proxy enabled but no API keys found in environment
```

The Gemini CLI then fails to authenticate because it is talking to a proxy that does not understand the Gemini API protocol, even though `GEMINI_API_KEY` is correctly configured as a repo secret.
This issue consolidates two original reports:
Root Cause
- Missing Gemini proxy handler: `containers/api-proxy/server.js` has handlers for OpenAI (port 10000), Anthropic (port 10001), Copilot (port 10002), and OpenCode (port 10004), but no port/handler for Google Gemini. `GEMINI_API_BASE_URL` is being set to a non-existent proxy endpoint.
- ENOENT on `projects.json`: Gemini CLI attempts to write `~/.gemini/projects.json` using an atomic rename (write to `.tmp`, then rename). The target directory likely does not exist in the container's home volume, causing `ENOENT`. The home volume in `src/docker-manager.ts` whitelists `$HOME` subdirs (`.cache`, `.config`, `.local`, etc.) but not `.gemini`.
Proposed Solution
- Add Gemini proxy handler in `containers/api-proxy/server.js`:
  - Listen on port 10003 (or a new port consistent with the port table in `AGENTS.md`)
  - Accept requests from the agent, inject `GEMINI_API_KEY` via the `x-goog-api-key` header, and forward to `(generativelanguage.googleapis.com/redacted)`
  - Add `GEMINI_API_KEY` to the "API keys found" detection logic
- Conditionally set `GEMINI_API_BASE_URL`: In `src/docker-manager.ts`, only set `GEMINI_API_BASE_URL` to the proxy when `GEMINI_API_KEY` is present in the environment; otherwise omit the var and let the Gemini CLI use its own key directly.
- Add `.gemini` to whitelisted home subdirs: In the `src/docker-manager.ts` agent volume configuration (around line 172), add `.gemini` to the list of allowed `$HOME` subdirectories so the CLI can write its config/registry files.
- Update domain allowlist: Add `generativelanguage.googleapis.com` to `OpenCodeBaseDefaultDomains` or a new `GeminiBaseDefaultDomains` list so Gemini requests are permitted through the Squid proxy.
Generated by Firewall Issue Dispatcher