fix: fix API proxy sidecar bugs preventing Anthropic-only usage

The API proxy sidecar (PR #751) had several bugs that prevented it from
working when only an Anthropic API key was provided:

1. Health endpoint only listened on port 10000 when OpenAI key was set,
   causing Docker healthcheck failures with Anthropic-only configs
2. http-proxy-middleware didn't route through Squid (no HTTP_PROXY support),
   replaced with https-proxy-agent for explicit Squid routing
3. Missing package-lock.json caused npm ci to fail during container build
4. Host-level iptables (DOCKER-USER) blocked agent→sidecar traffic
5. Agent iptables OUTPUT filter dropped TCP to sidecar IP
6. NO_PROXY not set, causing curl to route sidecar requests through Squid
7. Docker DNS couldn't resolve 'api-proxy' hostname in chroot mode,
   switched BASE_URLs to use IP addresses directly

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Mossaka

containers/agent/setup-iptables.sh

@@ -127,6 +127,13 @@ fi
 echo "[iptables] Allow traffic to Squid proxy (${SQUID_IP}:${SQUID_PORT})..."
 iptables -t nat -A OUTPUT -d "$SQUID_IP" -j RETURN
 
+# Allow traffic to API proxy sidecar (when enabled)
+# AWF_API_PROXY_IP is set by docker-manager.ts when --enable-api-proxy is used
+if [ -n "$AWF_API_PROXY_IP" ]; then
+  echo "[iptables] Allow traffic to API proxy sidecar (${AWF_API_PROXY_IP})..."
+  iptables -t nat -A OUTPUT -d "$AWF_API_PROXY_IP" -j RETURN
+fi
+
 # Bypass Squid for host.docker.internal when host access is enabled.
 # MCP gateway traffic to host.docker.internal gets DNAT'd to Squid,
 # where Squid fails with "Invalid URL" because rmcp sends relative URLs.
@@ -263,6 +270,11 @@ iptables -A OUTPUT -p tcp -d 127.0.0.11 --dport 53 -j ACCEPT
 # Allow traffic to Squid proxy (after NAT redirection)
 iptables -A OUTPUT -p tcp -d "$SQUID_IP" -j ACCEPT
 
+# Allow traffic to API proxy sidecar (when enabled)
+if [ -n "$AWF_API_PROXY_IP" ]; then
+  iptables -A OUTPUT -p tcp -d "$AWF_API_PROXY_IP" -j ACCEPT
+fi
+
 # Drop all other TCP traffic (default deny policy)
 # This ensures that only explicitly allowed ports can be accessed
 echo "[iptables] Drop all non-redirected TCP traffic (default deny)..."

containers/api-proxy/Dockerfile

@@ -11,8 +11,8 @@ WORKDIR /app
 # Copy package files
 COPY package*.json ./
 
-# Install dependencies
-RUN npm ci --only=production
+# Install dependencies (generates lockfile in container)
+RUN npm install --omit=dev
 
 # Copy application files
 COPY server.js ./

containers/api-proxy/package-lock.json

@@ -7,8 +7,7 @@
     "start": "node server.js"
   },
   "dependencies": {
-    "express": "^4.18.2",
-    "http-proxy-middleware": "^2.0.6"
+    "https-proxy-agent": "^7.0.6"
   },
   "engines": {
     "node": ">=18.0.0"

containers/api-proxy/package.json

@@ -10,19 +10,19 @@
  * 4. Respects domain whitelisting enforced by Squid
  */
 
-const express = require('express');
-const { createProxyMiddleware } = require('http-proxy-middleware');
+const http = require('http');
+const https = require('https');
+const { URL } = require('url');
+const { HttpsProxyAgent } = require('https-proxy-agent');
 
 // Read API keys from environment (set by docker-compose)
 const OPENAI_API_KEY = process.env.OPENAI_API_KEY;
 const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
 
 // Squid proxy configuration (set via HTTP_PROXY/HTTPS_PROXY in docker-compose)
-const HTTP_PROXY = process.env.HTTP_PROXY;
-const HTTPS_PROXY = process.env.HTTPS_PROXY;
+const HTTPS_PROXY = process.env.HTTPS_PROXY || process.env.HTTP_PROXY;
 
 console.log('[API Proxy] Starting AWF API proxy sidecar...');
-console.log(`[API Proxy] HTTP_PROXY: ${HTTP_PROXY}`);
 console.log(`[API Proxy] HTTPS_PROXY: ${HTTPS_PROXY}`);
 if (OPENAI_API_KEY) {
   console.log('[API Proxy] OpenAI API key configured');
@@ -31,72 +31,126 @@ if (ANTHROPIC_API_KEY) {
   console.log('[API Proxy] Anthropic API key configured');
 }
 
-// Create Express app
-const app = express();
-
-// Health check endpoint
-app.get('/health', (req, res) => {
-  res.status(200).json({
-    status: 'healthy',
-    service: 'awf-api-proxy',
-    squid_proxy: HTTP_PROXY || 'not configured',
-    providers: {
-      openai: !!OPENAI_API_KEY,
-      anthropic: !!ANTHROPIC_API_KEY
+// Create proxy agent for routing through Squid
+const proxyAgent = HTTPS_PROXY ? new HttpsProxyAgent(HTTPS_PROXY) : undefined;
+if (!proxyAgent) {
+  console.warn('[API Proxy] WARNING: No HTTPS_PROXY configured, requests will go direct');
+}
+
+/**
+ * Forward a request to the target API, injecting auth headers and routing through Squid.
+ */
+function proxyRequest(req, res, targetHost, injectHeaders) {
+  // Build target URL
+  const targetUrl = new URL(req.url, `https://${targetHost}`);
+
+  // Read the request body
+  const chunks = [];
+  req.on('data', chunk => chunks.push(chunk));
+  req.on('end', () => {
+    const body = Buffer.concat(chunks);
+
+    // Copy incoming headers, inject auth headers
+    const headers = { ...req.headers };
+    delete headers.host; // Replace with target host
+    Object.assign(headers, injectHeaders);
+
+    const options = {
+      hostname: targetHost,
+      port: 443,
+      path: targetUrl.pathname + targetUrl.search,
+      method: req.method,
+      headers,
+      agent: proxyAgent, // Route through Squid
+    };
+
+    const proxyReq = https.request(options, (proxyRes) => {
+      res.writeHead(proxyRes.statusCode, proxyRes.headers);
+      proxyRes.pipe(res);
+    });
+
+    proxyReq.on('error', (err) => {
+      console.error(`[API Proxy] Error proxying to ${targetHost}: ${err.message}`);
+      if (!res.headersSent) {
+        res.writeHead(502, { 'Content-Type': 'application/json' });
+      }
+      res.end(JSON.stringify({ error: 'Proxy error', message: err.message }));
+    });
+
+    if (body.length > 0) {
+      proxyReq.write(body);
     }
+    proxyReq.end();
   });
-});
+}
+
+// Health port is always 10000 — this is what Docker healthcheck hits
+const HEALTH_PORT = 10000;
 
 // OpenAI API proxy (port 10000)
 if (OPENAI_API_KEY) {
-  app.use(createProxyMiddleware({
-    target: 'https://api.openai.com',
-    changeOrigin: true,
-    secure: true,
-    onProxyReq: (proxyReq, req, res) => {
-      // Inject Authorization header
-      proxyReq.setHeader('Authorization', `Bearer ${OPENAI_API_KEY}`);
-      console.log(`[OpenAI Proxy] ${req.method} ${req.url}`);
-    },
-    onError: (err, req, res) => {
-      console.error(`[OpenAI Proxy] Error: ${err.message}`);
-      res.status(502).json({ error: 'Proxy error', message: err.message });
+  const server = http.createServer((req, res) => {
+    if (req.url === '/health' && req.method === 'GET') {
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({
+        status: 'healthy',
+        service: 'awf-api-proxy',
+        squid_proxy: HTTPS_PROXY || 'not configured',
+        providers: { openai: true, anthropic: !!ANTHROPIC_API_KEY },
+      }));
+      return;
+    }
+
+    console.log(`[OpenAI Proxy] ${req.method} ${req.url}`);
+    proxyRequest(req, res, 'api.openai.com', {
+      'Authorization': `Bearer ${OPENAI_API_KEY}`,
+    });
+  });
+
+  server.listen(HEALTH_PORT, '0.0.0.0', () => {
+    console.log(`[API Proxy] OpenAI proxy listening on port ${HEALTH_PORT}`);
+  });
+} else {
+  // No OpenAI key — still need a health endpoint on port 10000 for Docker healthcheck
+  const server = http.createServer((req, res) => {
+    if (req.url === '/health' && req.method === 'GET') {
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({
+        status: 'healthy',
+        service: 'awf-api-proxy',
+        squid_proxy: HTTPS_PROXY || 'not configured',
+        providers: { openai: false, anthropic: !!ANTHROPIC_API_KEY },
+      }));
+      return;
     }
-  }));
 
-  app.listen(10000, '0.0.0.0', () => {
-    console.log('[API Proxy] OpenAI proxy listening on port 10000');
-    console.log('[API Proxy] Routing through Squid to api.openai.com');
+    res.writeHead(404, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: 'OpenAI proxy not configured (no OPENAI_API_KEY)' }));
+  });
+
+  server.listen(HEALTH_PORT, '0.0.0.0', () => {
+    console.log(`[API Proxy] Health endpoint listening on port ${HEALTH_PORT} (OpenAI not configured)`);
   });
 }
 
 // Anthropic API proxy (port 10001)
 if (ANTHROPIC_API_KEY) {
-  const anthropicApp = express();
+  const server = http.createServer((req, res) => {
+    if (req.url === '/health' && req.method === 'GET') {
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ status: 'healthy', service: 'anthropic-proxy' }));
+      return;
+    }
 
-  anthropicApp.get('/health', (req, res) => {
-    res.status(200).json({ status: 'healthy', service: 'anthropic-proxy' });
+    console.log(`[Anthropic Proxy] ${req.method} ${req.url}`);
+    proxyRequest(req, res, 'api.anthropic.com', {
+      'x-api-key': ANTHROPIC_API_KEY,
+      'anthropic-version': '2023-06-01',
+    });
   });
 
-  anthropicApp.use(createProxyMiddleware({
-    target: 'https://api.anthropic.com',
-    changeOrigin: true,
-    secure: true,
-    onProxyReq: (proxyReq, req, res) => {
-      // Inject Anthropic authentication headers
-      proxyReq.setHeader('x-api-key', ANTHROPIC_API_KEY);
-      proxyReq.setHeader('anthropic-version', '2023-06-01');
-      console.log(`[Anthropic Proxy] ${req.method} ${req.url}`);
-    },
-    onError: (err, req, res) => {
-      console.error(`[Anthropic Proxy] Error: ${err.message}`);
-      res.status(502).json({ error: 'Proxy error', message: err.message });
-    }
-  }));
-
-  anthropicApp.listen(10001, '0.0.0.0', () => {
+  server.listen(10001, '0.0.0.0', () => {
     console.log('[API Proxy] Anthropic proxy listening on port 10001');
-    console.log('[API Proxy] Routing through Squid to api.anthropic.com');
   });
 }
 

containers/api-proxy/server.js

@@ -43,8 +43,10 @@ export async function runMainWorkflow(
   logger.info('Setting up host-level firewall network and iptables rules...');
   const networkConfig = await dependencies.ensureFirewallNetwork();
   const dnsServers = config.dnsServers || ['8.8.8.8', '8.8.4.4'];
-  // API proxy (when enabled) does NOT get a firewall exemption - it routes through Squid
-  await dependencies.setupHostIptables(networkConfig.squidIp, 3128, dnsServers);
+  // When API proxy is enabled, allow agent→sidecar traffic at the host level.
+  // The sidecar itself routes through Squid, so domain whitelisting is still enforced.
+  const apiProxyIp = config.enableApiProxy ? networkConfig.proxyIp : undefined;
+  await dependencies.setupHostIptables(networkConfig.squidIp, 3128, dnsServers, apiProxyIp);
   onHostIptablesSetup?.();
 
   // Step 1: Write configuration files

src/cli-workflow.ts

@@ -1550,7 +1550,7 @@ describe('docker-manager', () => {
         const result = generateDockerCompose(configWithProxy, mockNetworkConfigWithProxy);
         const agent = result.services.agent;
         const env = agent.environment as Record<string, string>;
-        expect(env.OPENAI_BASE_URL).toBe('http://api-proxy:10000');
+        expect(env.OPENAI_BASE_URL).toBe('http://172.30.0.30:10000');
       });
 
       it('should configure HTTP_PROXY and HTTPS_PROXY in api-proxy to route through Squid', () => {
@@ -1567,16 +1567,16 @@ describe('docker-manager', () => {
         const result = generateDockerCompose(configWithProxy, mockNetworkConfigWithProxy);
         const agent = result.services.agent;
         const env = agent.environment as Record<string, string>;
-        expect(env.ANTHROPIC_BASE_URL).toBe('http://api-proxy:10001');
+        expect(env.ANTHROPIC_BASE_URL).toBe('http://172.30.0.30:10001');
       });
 
       it('should set both BASE_URL variables when both keys are provided', () => {
         const configWithProxy = { ...mockConfig, enableApiProxy: true, openaiApiKey: 'sk-test-openai-key', anthropicApiKey: 'sk-ant-test-key' };
         const result = generateDockerCompose(configWithProxy, mockNetworkConfigWithProxy);
         const agent = result.services.agent;
         const env = agent.environment as Record<string, string>;
-        expect(env.OPENAI_BASE_URL).toBe('http://api-proxy:10000');
-        expect(env.ANTHROPIC_BASE_URL).toBe('http://api-proxy:10001');
+        expect(env.OPENAI_BASE_URL).toBe('http://172.30.0.30:10000');
+        expect(env.ANTHROPIC_BASE_URL).toBe('http://172.30.0.30:10001');
       });
 
       it('should not set OPENAI_BASE_URL in agent when only Anthropic key is provided', () => {
@@ -1585,7 +1585,7 @@ describe('docker-manager', () => {
         const agent = result.services.agent;
         const env = agent.environment as Record<string, string>;
         expect(env.OPENAI_BASE_URL).toBeUndefined();
-        expect(env.ANTHROPIC_BASE_URL).toBe('http://api-proxy:10001');
+        expect(env.ANTHROPIC_BASE_URL).toBe('http://172.30.0.30:10001');
       });
 
       it('should not set ANTHROPIC_BASE_URL in agent when only OpenAI key is provided', () => {
@@ -1594,7 +1594,7 @@ describe('docker-manager', () => {
         const agent = result.services.agent;
         const env = agent.environment as Record<string, string>;
         expect(env.ANTHROPIC_BASE_URL).toBeUndefined();
-        expect(env.OPENAI_BASE_URL).toBe('http://api-proxy:10000');
+        expect(env.OPENAI_BASE_URL).toBe('http://172.30.0.30:10000');
       });
     });
   });