Merge remote-tracking branch 'origin/main' into copilot/awf-fix-gpt5-4-edit-tool-call-error

# Conflicts:
#	containers/api-proxy/providers/copilot.js

Author: Copilot

containers/api-proxy/providers/anthropic.js

@@ -11,7 +11,12 @@
  * Body transforms: model alias rewriting + optional prompt-cache optimisations
  */
 
-const { composeBodyTransforms, createBaseAdapterConfig, createAdapterMethods } = require('../proxy-utils');
+const {
+  composeBodyTransforms,
+  makeProviderNotConfiguredResponse,
+  createBaseAdapterConfig,
+  createAdapterMethods,
+} = require('../proxy-utils');
 
 let makeAnthropicTransform, loadCustomTransform, EXTENDED_CACHE_BETA;
 try {
@@ -144,17 +149,11 @@ function createAnthropicAdapter(env, deps = {}) {
 
     /** Response returned for all requests when no ANTHROPIC_API_KEY is configured. */
     getUnconfiguredResponse() {
-      return {
-        statusCode: 503,
-        body: {
-          error: {
-            message: 'Credentials for Anthropic (port 10001) are not configured. Set ANTHROPIC_API_KEY to enable this provider.',
-            type: 'provider_not_configured',
-            provider: 'anthropic',
-            port: 10001,
-          },
-        },
-      };
+      return makeProviderNotConfiguredResponse(
+        'anthropic',
+        10001,
+        'Credentials for Anthropic (port 10001) are not configured. Set ANTHROPIC_API_KEY to enable this provider.'
+      );
     },
 
     /** /health response when not configured. */

containers/api-proxy/providers/copilot.js

@@ -14,7 +14,13 @@
  * accepts OAuth tokens, not API keys.
  */
 
-const { normalizeApiTarget, normalizeBasePath, createAdapterMethods, composeBodyTransforms } = require('../proxy-utils');
+const {
+  normalizeApiTarget,
+  normalizeBasePath,
+  makeProviderNotConfiguredResponse,
+  createAdapterMethods,
+  composeBodyTransforms,
+} = require('../proxy-utils');
 const { URL } = require('url');
 
 /**
@@ -343,17 +349,11 @@ function createCopilotAdapter(env, deps = {}) {
 
     /** Response returned for all requests when no Copilot credentials are configured. */
     getUnconfiguredResponse() {
-      return {
-        statusCode: 503,
-        body: {
-          error: {
-            message: 'Credentials for GitHub Copilot (port 10002) are not configured. Set COPILOT_GITHUB_TOKEN or COPILOT_API_KEY to enable this provider.',
-            type: 'provider_not_configured',
-            provider: 'copilot',
-            port: 10002,
-          },
-        },
-      };
+      return makeProviderNotConfiguredResponse(
+        'copilot',
+        10002,
+        'Credentials for GitHub Copilot (port 10002) are not configured. Set COPILOT_GITHUB_TOKEN or COPILOT_API_KEY to enable this provider.'
+      );
     },
 
     /** /health response when not configured. */

containers/api-proxy/providers/opencode.js

@@ -1,5 +1,5 @@
 'use strict';
-const { createAdapterMethods } = require('../proxy-utils');
+const { makeProviderNotConfiguredResponse, createAdapterMethods } = require('../proxy-utils');
 
 /**
  * OpenCode provider adapter.
@@ -178,29 +178,17 @@ function createOpenCodeAdapter(env, { candidateAdapters = [] } = {}) {
     /** Response returned for all requests when OpenCode is not configured. */
     getUnconfiguredResponse() {
       if (!enabled) {
-        return {
-          statusCode: 503,
-          body: {
-            error: {
-              message: 'OpenCode proxy (port 10004) is not enabled. Set AWF_ENABLE_OPENCODE=true and configure at least one of OPENAI_API_KEY, ANTHROPIC_API_KEY, COPILOT_GITHUB_TOKEN, or COPILOT_API_KEY.',
-              type: 'provider_not_configured',
-              provider: 'opencode',
-              port: 10004,
-            },
-          },
-        };
+        return makeProviderNotConfiguredResponse(
+          'opencode',
+          10004,
+          'OpenCode proxy (port 10004) is not enabled. Set AWF_ENABLE_OPENCODE=true and configure at least one of OPENAI_API_KEY, ANTHROPIC_API_KEY, COPILOT_GITHUB_TOKEN, or COPILOT_API_KEY.'
+        );
       }
-      return {
-        statusCode: 503,
-        body: {
-          error: {
-            message: 'Credentials for OpenCode (port 10004) are not configured. Set at least one of OPENAI_API_KEY, ANTHROPIC_API_KEY, COPILOT_GITHUB_TOKEN, or COPILOT_API_KEY.',
-            type: 'provider_not_configured',
-            provider: 'opencode',
-            port: 10004,
-          },
-        },
-      };
+      return makeProviderNotConfiguredResponse(
+        'opencode',
+        10004,
+        'Credentials for OpenCode (port 10004) are not configured. Set at least one of OPENAI_API_KEY, ANTHROPIC_API_KEY, COPILOT_GITHUB_TOKEN, or COPILOT_API_KEY.'
+      );
     },
 
     /** /health response when not configured. */

containers/api-proxy/proxy-request.js

@@ -93,6 +93,70 @@ function extractBillingHeaders(headers) {
   return hasBilling ? billing : null;
 }
 
+/**
+ * Sanitize OpenAI-compatible request history where tool_calls[].type is null.
+ *
+ * Normalizes null type to "function" when a function payload is present.
+ * Otherwise, drops the malformed tool_call entry.
+ *
+ * @param {Buffer} body
+ * @returns {{ body: Buffer, normalizedCount: number, droppedCount: number }|null}
+ */
+function sanitizeNullToolCallTypes(body) {
+  let parsed;
+  try {
+    parsed = JSON.parse(body.toString('utf8'));
+  } catch {
+    return null;
+  }
+
+  if (!parsed || typeof parsed !== 'object' || !Array.isArray(parsed.messages)) {
+    return null;
+  }
+
+  let changed = false;
+  let normalizedCount = 0;
+  let droppedCount = 0;
+
+  for (const message of parsed.messages) {
+    if (!message || typeof message !== 'object' || !Array.isArray(message.tool_calls)) {
+      continue;
+    }
+
+    const nextToolCalls = [];
+    for (const toolCall of message.tool_calls) {
+      if (
+        toolCall &&
+        typeof toolCall === 'object' &&
+        Object.hasOwn(toolCall, 'type') &&
+        toolCall.type === null
+      ) {
+        if (toolCall.function && typeof toolCall.function === 'object') {
+          nextToolCalls.push({ ...toolCall, type: 'function' });
+          normalizedCount += 1;
+        } else {
+          droppedCount += 1;
+        }
+        changed = true;
+        continue;
+      }
+      nextToolCalls.push(toolCall);
+    }
+
+    message.tool_calls = nextToolCalls;
+  }
+
+  if (!changed) {
+    return null;
+  }
+
+  return {
+    body: Buffer.from(JSON.stringify(parsed)),
+    normalizedCount,
+    droppedCount,
+  };
+}
+
 /**
  * Shared RateLimiter instance.
  * Exported so that management endpoints (healthResponse) can read getAllStatus().
@@ -120,6 +184,16 @@ const effectiveTokenConfigCache = {
   rawMultipliers: undefined,
   parsed: { max: null, multipliers: {} },
 };
+let timeoutSteeringState = {
+  configKey: null,
+  startTimeMs: 0,
+  emittedThresholds: new Set(),
+  uninjectedThresholds: new Set(),
+};
+const timeoutSteeringConfigCache = {
+  rawMinutes: undefined,
+  parsedMinutes: null,
+};
 
 // ── Max-runs guard ────────────────────────────────────────────────────────────
 let maxRunsGuardState = {
@@ -138,6 +212,54 @@ function parseMaxRuns(raw) {
   return parsed;
 }
 
+function createTimeoutSteeringState(configKey = null, startTimeMs = Date.now()) {
+  return {
+    configKey,
+    startTimeMs,
+    emittedThresholds: new Set(),
+    uninjectedThresholds: new Set(),
+  };
+}
+
+function parseAgentTimeoutMinutes(raw) {
+  if (raw === undefined || raw === null || String(raw).trim() === '') return null;
+  const parsed = Number(raw);
+  if (!Number.isInteger(parsed) || parsed <= 0) return null;
+  return parsed;
+}
+
+function getTimeoutSteeringConfig() {
+  const rawMinutes = process.env.AWF_AGENT_TIMEOUT_MINUTES;
+  if (timeoutSteeringConfigCache.rawMinutes === rawMinutes) {
+    return timeoutSteeringConfigCache.parsedMinutes;
+  }
+  timeoutSteeringConfigCache.rawMinutes = rawMinutes;
+  timeoutSteeringConfigCache.parsedMinutes = parseAgentTimeoutMinutes(rawMinutes);
+  return timeoutSteeringConfigCache.parsedMinutes;
+}
+
+function getTimeoutSteeringState(timeoutMinutes) {
+  if (!timeoutMinutes) return null;
+  const configKey = String(timeoutMinutes);
+  if (timeoutSteeringState.configKey !== configKey) {
+    timeoutSteeringState = createTimeoutSteeringState(configKey);
+  }
+  return timeoutSteeringState;
+}
+
+function updateTimeoutSteeringThresholds(state, timeoutMinutes) {
+  if (!state || !timeoutMinutes) return;
+  const elapsedMs = Math.max(0, Date.now() - state.startTimeMs);
+  const timeoutMs = timeoutMinutes * 60 * 1000;
+  const percentElapsed = (elapsedMs / timeoutMs) * 100;
+  for (const threshold of ET_WARNING_THRESHOLDS) {
+    if (percentElapsed >= threshold && !state.emittedThresholds.has(threshold)) {
+      state.emittedThresholds.add(threshold);
+      state.uninjectedThresholds.add(threshold);
+    }
+  }
+}
+
 function getMaxRunsConfig() {
   const rawMax = process.env.AWF_MAX_RUNS;
   if (maxRunsConfigCache.rawMax === rawMax) {
@@ -376,6 +498,12 @@ const ET_STEERING_MESSAGES = {
   95: 'You have used 95% of your effective token budget. Finalize and submit your work now.',
   99: 'You have used 99% of your effective token budget. You are about to be cut off. Submit immediately.',
 };
+const TIMEOUT_STEERING_MESSAGES = {
+  80: 'You have used 80% of your allotted run time. Begin planning to wrap up your current work.',
+  90: 'You have used 90% of your allotted run time. Complete your current task and prepare final output.',
+  95: 'You have used 95% of your allotted run time. Finalize and submit your work now.',
+  99: 'You have used 99% of your allotted run time. You are about to time out. Submit immediately.',
+};
 
 /**
  * Pop the highest-priority pending steering threshold and return its warning
@@ -398,6 +526,21 @@ function getAndClearPendingSteeringMessage() {
   return `[AWF TOKEN WARNING] ${text}`;
 }
 
+function getAndClearPendingTimeoutSteeringMessage() {
+  const timeoutMinutes = getTimeoutSteeringConfig();
+  const state = getTimeoutSteeringState(timeoutMinutes);
+  if (!state) return null;
+
+  updateTimeoutSteeringThresholds(state, timeoutMinutes);
+  if (state.uninjectedThresholds.size === 0) return null;
+
+  const maxThreshold = Math.max(...state.uninjectedThresholds);
+  state.uninjectedThresholds.delete(maxThreshold);
+  const text = TIMEOUT_STEERING_MESSAGES[maxThreshold] ||
+    `You have used ${maxThreshold}% of your allotted run time.`;
+  return `[AWF TIME WARNING] ${text}`;
+}
+
 /**
  * Inject a token-budget warning message into a request body.
  *
@@ -463,6 +606,12 @@ function injectSteeringMessage(body, provider, message) {
   return Buffer.from(JSON.stringify(parsed));
 }
 
+function resetTimeoutSteeringForTests() {
+  timeoutSteeringState = createTimeoutSteeringState();
+  timeoutSteeringConfigCache.rawMinutes = undefined;
+  timeoutSteeringConfigCache.parsedMinutes = null;
+}
+
 // ── Utility ───────────────────────────────────────────────────────────────────
 
 /**
@@ -628,19 +777,36 @@ function proxyRequest(req, res, targetHost, injectHeaders, provider, basePath =
       if (transformed) body = transformed;
     }
 
+    if (req.method === 'POST' || req.method === 'PUT' || req.method === 'PATCH') {
+      const sanitized = sanitizeNullToolCallTypes(body);
+      if (sanitized) {
+        body = sanitized.body;
+        logRequest('info', 'request_sanitized', {
+          request_id: requestId,
+          provider,
+          normalized_tool_calls: sanitized.normalizedCount,
+          dropped_tool_calls: sanitized.droppedCount,
+        });
+      }
+    }
+
     // Token steering: inject budget-warning messages into the request body when
     // cumulative usage has crossed a threshold since the last injection.
     // Gated by AWF_ENABLE_TOKEN_STEERING=true (opt-in).
     if (isSteeringEnabled() && (req.method === 'POST' || req.method === 'PUT')) {
-      const steeringMsg = getAndClearPendingSteeringMessage();
-      if (steeringMsg) {
-        const steered = injectSteeringMessage(body, provider, steeringMsg);
+      const steeringMessages = [
+        { type: 'timeout', message: getAndClearPendingTimeoutSteeringMessage() },
+        { type: 'token', message: getAndClearPendingSteeringMessage() },
+      ];
+      for (const { type, message } of steeringMessages) {
+        if (!message) continue;
+        const steered = injectSteeringMessage(body, provider, message);
         if (steered) {
           body = steered;
-          logRequest('info', 'token_steering', {
+          logRequest('info', `${type}_steering`, {
             request_id: requestId,
             provider,
-            message: steeringMsg,
+            message,
           });
         }
       }
@@ -1023,6 +1189,8 @@ module.exports = {
   // Exported for tests
   resetEffectiveTokenGuardForTests,
   resetMaxRunsGuardForTests,
+  resetTimeoutSteeringForTests,
   getAndClearPendingSteeringMessage,
+  getAndClearPendingTimeoutSteeringMessage,
   injectSteeringMessage,
 };