fix(api-proxy): address review comments on OpenCode port 10004 routing

[Copilot]

Addresses all review comments from the PR #1979 review thread: missing rate limiting on port 10004, inaccurate credential docs referencing an internal token, no .lock.yml for the new smoke workflow, and no test coverage for OpenCode routing.

Changes

• src/types.ts: Corrected JSDoc credential priority to reference user-configurable vars COPILOT_GITHUB_TOKEN/COPILOT_API_KEY instead of the internal derived COPILOT_AUTH_TOKEN

• .github/workflows/smoke-opencode.md: Added explicit note that this workflow has no compiled .lock.yml and is inactive in GitHub Actions; includes instructions for compiling once the opencode engine is supported

• containers/api-proxy/server.js:

  • Added checkRateLimit() to OpenCode HTTP handler (was the only proxy port missing it)
  • Extracted resolveOpenCodeRoute() helper to centralize credential priority and return a needsAnthropicVersion flag, eliminating duplicated header injection logic across HTTP and WebSocket handlers
  • Used resolveOpenCodeRoute() for startup guard — removes the duplicated OPENAI_API_KEY || ANTHROPIC_API_KEY || COPILOT_AUTH_TOKEN check
  • Returns 503 with JSON error body (HTTP) or closes socket with 503 (WebSocket) when no credentials resolve, instead of silently returning

• containers/api-proxy/server.test.js: Added 8 unit tests for resolveOpenCodeRoute() covering all three credential priority branches, mutual exclusivity of auth headers, needsAnthropicVersion flag, and null return when no credentials are set

[Copilot]

Pull request overview

This PR updates the API proxy’s OpenCode (port 10004) routing to address prior review feedback, aligning credential selection, enforcing rate limiting, improving failure behavior, and adding unit coverage.

Changes:

• Updates OpenCode port documentation to reflect the intended credential priority and default routing behavior.
• Adds rate limiting to the OpenCode HTTP handler and centralizes routing/credential header selection via resolveOpenCodeRoute() for both HTTP and WebSocket paths.
• Adds unit tests for resolveOpenCodeRoute() and introduces an (explicitly inactive) smoke workflow definition for OpenCode.

Show a summary per file

File	Description
src/types.ts	Updates JSDoc to reflect correct OpenCode routing defaults and credential priority.
containers/api-proxy/server.js	Adds OpenCode rate limiting, centralizes routing logic, and returns explicit 503 errors when credentials are unavailable.
containers/api-proxy/server.test.js	Adds unit tests covering OpenCode route resolution and header exclusivity behavior.
.github/workflows/smoke-opencode.md	Adds an OpenCode smoke workflow definition with a note that it’s not compiled/active yet.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 4/4 changed files
• Comments generated: 2

[github-actions]

Smoke Test Results

✅ GitHub MCP: #1978 "fix: add size-based filtering to --env-all to prevent E2BIG", #1977 "fix: recover toolchain env vars from $GITHUB_ENV file"
✅ Playwright: github.com title contains "GitHub"
✅ File write: /tmp/gh-aw/agent/smoke-test-claude-24435902136.txt created
✅ Bash verify: file content confirmed

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

🔥 Smoke Test Results

Test	Status
GitHub MCP (list merged PRs → "fix: add size-based filtering..." #1978)	✅
GitHub.com connectivity	✅
File write/read	✅

Overall: PASS

PR: fix(api-proxy): address review comments on OpenCode port 10004 routing
Author: @app/copilot-swe-agent · Assignees: @lpcox @Copilot

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

Smoke test matrix:

• GitHub MCP (last 2 merged PRs): ✅ fix: add size-based filtering to --env-all to prevent E2BIG; fix: recover toolchain env vars from $GITHUB_ENV file
• Safe Inputs GH CLI (pr list --limit 2): ❌ tool safeinputs-gh unavailable
• Playwright (github.com title contains GitHub): ✅
• Tavily search (GitHub Agentic Workflows Firewall): ❌ Tavily tool unavailable
• File write + bash cat (/tmp/gh-aw/agent/smoke-test-codex-24435902166.txt): ✅
• Discussion oracle comment: ❌ github-discussion-query unavailable
• Build (npm ci && npm run build): ✅
  Overall status: FAIL

🔮 The oracle has spoken through Smoke Codex

[github-actions]

Smoke Test: GitHub Actions Services Connectivity

Check	Result
Redis PING (host.docker.internal:6379)	✅ +PONG
pg_isready (host.docker.internal:5432)	✅ accepting connections
psql SELECT 1 (smoketest DB, postgres user)	✅ returned 1

All checks passed. (redis-cli was not pre-installed; Redis was verified via raw TCP with nc.)

🔌 Service connectivity validated by Smoke Services

[github-actions]

Chroot Version Comparison Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌
Node.js	v24.14.1	v20.20.2	❌
Go	go1.22.12	go1.22.12	✅

Result: Not all tests passed — Python and Node.js versions differ between host and chroot. The smoke-chroot label was not applied.

Tested by Smoke Chroot

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	ok	✅ PASS
Go	env	✅	ok	✅ PASS
Go	uuid	✅	ok	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	All passed	✅ PASS
Node.js	execa	✅	All passed	✅ PASS
Node.js	p-limit	✅	All passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #1984 · ● 635.1K · ◷