feat: add Google Gemini API proxy support (port 10003) (#1640)

* feat: add Google Gemini API proxy support (port 10003)

Add full Gemini API proxy support to the AWF api-proxy sidecar,
matching the pattern of existing OpenAI, Anthropic, and Copilot
providers. This enables Gemini CLI to work inside the AWF sandbox
without requiring workarounds in gh-aw.

Changes:
- Add GEMINI port 10003 to API_PROXY_PORTS
- Add geminiApiKey, geminiApiTarget, geminiApiBasePath to WrapperConfig
- Add --gemini-api-target and --gemini-api-base-path CLI flags
- Add GEMINI_API_KEY to excluded env vars when api-proxy is enabled
- Set placeholder GEMINI_API_KEY in agent container (Gemini CLI
  v0.65.0+ exits 41 without auth when GEMINI_API_BASE_URL is set)
- Set GEMINI_API_BASE_URL pointing to sidecar in agent env
- Add .gemini to whitelisted home subdirectories (bind mount + chroot)
- Add Gemini proxy server in server.js using x-goog-api-key header
- Expose port 10003 in Dockerfile

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* test: add tests for Gemini API proxy support in docker-manager (#1654)

Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/03ba1344-8f2e-4d67-890f-46e665522db4

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

* test: add missing Gemini API target test coverage to fix CI branch coverage regression (#1662)

* test: add missing Gemini API target test coverage in cli.test.ts

Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/0ed05562-3ddb-490f-9b6a-dd5cfa3bb0fc

* fix: rename describe block to reflect all API target constants

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Landon Cox <landon.cox@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>

Author: 3 people

containers/api-proxy/Dockerfile

@@ -27,8 +27,9 @@ USER apiproxy
 # 10000 - OpenAI API proxy (also serves as health check endpoint)
 # 10001 - Anthropic API proxy
 # 10002 - GitHub Copilot API proxy
+# 10003 - Google Gemini API proxy
 # 10004 - OpenCode API proxy (routes to Anthropic)
-EXPOSE 10000 10001 10002 10004
+EXPOSE 10000 10001 10002 10003 10004
 
 # Use exec form so node is PID 1 and receives SIGTERM directly
 CMD ["node", "server.js"]

containers/api-proxy/server.js

@@ -62,10 +62,12 @@ function shouldStripHeader(name) {
 const OPENAI_API_KEY = (process.env.OPENAI_API_KEY || '').trim() || undefined;
 const ANTHROPIC_API_KEY = (process.env.ANTHROPIC_API_KEY || '').trim() || undefined;
 const COPILOT_GITHUB_TOKEN = (process.env.COPILOT_GITHUB_TOKEN || '').trim() || undefined;
+const GEMINI_API_KEY = (process.env.GEMINI_API_KEY || '').trim() || undefined;
 
 // Configurable API target hosts (supports custom endpoints / internal LLM routers)
 const OPENAI_API_TARGET = process.env.OPENAI_API_TARGET || 'api.openai.com';
 const ANTHROPIC_API_TARGET = process.env.ANTHROPIC_API_TARGET || 'api.anthropic.com';
+const GEMINI_API_TARGET = process.env.GEMINI_API_TARGET || 'generativelanguage.googleapis.com';
 
 /**
  * Normalizes a base path for use as a URL path prefix.
@@ -115,6 +117,7 @@ function buildUpstreamPath(reqUrl, targetHost, basePath) {
 // Optional base path prefixes for API targets (e.g. /serving-endpoints for Databricks)
 const OPENAI_API_BASE_PATH = normalizeBasePath(process.env.OPENAI_API_BASE_PATH);
 const ANTHROPIC_API_BASE_PATH = normalizeBasePath(process.env.ANTHROPIC_API_BASE_PATH);
+const GEMINI_API_BASE_PATH = normalizeBasePath(process.env.GEMINI_API_BASE_PATH);
 
 // Configurable Copilot API target host (supports GHES/GHEC / custom endpoints)
 // Priority: COPILOT_API_TARGET env var > auto-derive from GITHUB_SERVER_URL > default
@@ -160,15 +163,18 @@ logRequest('info', 'startup', {
   api_targets: {
     openai: OPENAI_API_TARGET,
     anthropic: ANTHROPIC_API_TARGET,
+    gemini: GEMINI_API_TARGET,
     copilot: COPILOT_API_TARGET,
   },
   api_base_paths: {
     openai: OPENAI_API_BASE_PATH || '(none)',
     anthropic: ANTHROPIC_API_BASE_PATH || '(none)',
+    gemini: GEMINI_API_BASE_PATH || '(none)',
   },
   providers: {
     openai: !!OPENAI_API_KEY,
     anthropic: !!ANTHROPIC_API_KEY,
+    gemini: !!GEMINI_API_KEY,
     copilot: !!COPILOT_GITHUB_TOKEN,
   },
 });
@@ -707,6 +713,7 @@ function healthResponse() {
     providers: {
       openai: !!OPENAI_API_KEY,
       anthropic: !!ANTHROPIC_API_KEY,
+      gemini: !!GEMINI_API_KEY,
       copilot: !!COPILOT_GITHUB_TOKEN,
     },
     metrics_summary: metrics.getSummary(),
@@ -840,6 +847,34 @@ if (require.main === module) {
     });
   }
 
+  // Google Gemini API proxy (port 10003)
+  if (GEMINI_API_KEY) {
+    const geminiServer = http.createServer((req, res) => {
+      if (req.url === '/health' && req.method === 'GET') {
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ status: 'healthy', service: 'gemini-proxy' }));
+        return;
+      }
+
+      const contentLength = parseInt(req.headers['content-length'], 10) || 0;
+      if (checkRateLimit(req, res, 'gemini', contentLength)) return;
+
+      proxyRequest(req, res, GEMINI_API_TARGET, {
+        'x-goog-api-key': GEMINI_API_KEY,
+      }, 'gemini', GEMINI_API_BASE_PATH);
+    });
+
+    geminiServer.on('upgrade', (req, socket, head) => {
+      proxyWebSocket(req, socket, head, GEMINI_API_TARGET, {
+        'x-goog-api-key': GEMINI_API_KEY,
+      }, 'gemini', GEMINI_API_BASE_PATH);
+    });
+
+    geminiServer.listen(10003, '0.0.0.0', () => {
+      logRequest('info', 'server_start', { message: 'Google Gemini proxy listening on port 10003', target: GEMINI_API_TARGET });
+    });
+  }
+
   // OpenCode API proxy (port 10004) — routes to Anthropic (default BYOK provider)
   // OpenCode gets a separate port from Claude (10001) for per-engine rate limiting,
   // metrics isolation, and future provider routing (OpenCode is BYOK and may route

src/cli.test.ts

@@ -1,5 +1,5 @@
 import { Command } from 'commander';
-import { parseEnvironmentVariables, parseDomains, parseDomainsFile, escapeShellArg, joinShellArgs, parseVolumeMounts, isValidIPv4, isValidIPv6, parseDnsServers, parseDnsOverHttps, validateAgentImage, isAgentImagePreset, AGENT_IMAGE_PRESETS, processAgentImageOption, processLocalhostKeyword, validateSkipPullWithBuildLocal, validateAllowHostPorts, validateAllowHostServicePorts, applyHostServicePortsConfig, parseMemoryLimit, validateFormat, validateApiProxyConfig, buildRateLimitConfig, validateRateLimitFlags, hasRateLimitOptions, collectRulesetFile, validateApiTargetInAllowedDomains, DEFAULT_OPENAI_API_TARGET, DEFAULT_ANTHROPIC_API_TARGET, DEFAULT_COPILOT_API_TARGET, emitApiProxyTargetWarnings, formatItem, program, parseAgentTimeout, applyAgentTimeout, handlePredownloadAction, resolveApiTargetsToAllowedDomains, extractGhesDomainsFromEngineApiTarget, extractGhecDomainsFromServerUrl } from './cli';
+import { parseEnvironmentVariables, parseDomains, parseDomainsFile, escapeShellArg, joinShellArgs, parseVolumeMounts, isValidIPv4, isValidIPv6, parseDnsServers, parseDnsOverHttps, validateAgentImage, isAgentImagePreset, AGENT_IMAGE_PRESETS, processAgentImageOption, processLocalhostKeyword, validateSkipPullWithBuildLocal, validateAllowHostPorts, validateAllowHostServicePorts, applyHostServicePortsConfig, parseMemoryLimit, validateFormat, validateApiProxyConfig, buildRateLimitConfig, validateRateLimitFlags, hasRateLimitOptions, collectRulesetFile, validateApiTargetInAllowedDomains, DEFAULT_OPENAI_API_TARGET, DEFAULT_ANTHROPIC_API_TARGET, DEFAULT_COPILOT_API_TARGET, DEFAULT_GEMINI_API_TARGET, emitApiProxyTargetWarnings, formatItem, program, parseAgentTimeout, applyAgentTimeout, handlePredownloadAction, resolveApiTargetsToAllowedDomains, extractGhesDomainsFromEngineApiTarget, extractGhecDomainsFromServerUrl } from './cli';
 import { redactSecrets } from './redact-secrets';
 import * as fs from 'fs';
 import * as path from 'path';
@@ -1780,11 +1780,12 @@ describe('cli', () => {
     });
   });
 
-  describe('DEFAULT_OPENAI_API_TARGET and DEFAULT_ANTHROPIC_API_TARGET', () => {
+  describe('DEFAULT_*_API_TARGET constants', () => {
     it('should have correct default values', () => {
       expect(DEFAULT_OPENAI_API_TARGET).toBe('api.openai.com');
       expect(DEFAULT_ANTHROPIC_API_TARGET).toBe('api.anthropic.com');
       expect(DEFAULT_COPILOT_API_TARGET).toBe('api.githubcopilot.com');
+      expect(DEFAULT_GEMINI_API_TARGET).toBe('generativelanguage.googleapis.com');
     });
   });
 
@@ -1988,6 +1989,55 @@ describe('cli', () => {
       expect(warnings[1]).toContain('--anthropic-api-target=anthropic.internal');
       expect(warnings[2]).toContain('--copilot-api-target=copilot.internal');
     });
+
+    it('should emit warning for custom Gemini target not in allowed domains', () => {
+      const warnings: string[] = [];
+      emitApiProxyTargetWarnings(
+        { enableApiProxy: true, geminiApiTarget: 'custom.gemini-router.internal' },
+        ['github.com'],
+        (msg) => warnings.push(msg)
+      );
+      expect(warnings).toHaveLength(1);
+      expect(warnings[0]).toContain('--gemini-api-target=custom.gemini-router.internal');
+    });
+
+    it('should emit no warnings when custom Gemini target is in allowed domains', () => {
+      const warnings: string[] = [];
+      emitApiProxyTargetWarnings(
+        { enableApiProxy: true, geminiApiTarget: 'gemini.example.com' },
+        ['example.com'],
+        (msg) => warnings.push(msg)
+      );
+      expect(warnings).toHaveLength(0);
+    });
+
+    it('should use default Gemini target when geminiApiTarget is undefined', () => {
+      const warnings: string[] = [];
+      emitApiProxyTargetWarnings(
+        { enableApiProxy: true, geminiApiTarget: undefined },
+        ['github.com'],
+        (msg) => warnings.push(msg)
+      );
+      // Default target is not in 'github.com' but since it IS the default, no warning is emitted
+      expect(warnings).toHaveLength(0);
+    });
+
+    it('should emit warnings for all four custom targets when none are in allowed domains', () => {
+      const warnings: string[] = [];
+      emitApiProxyTargetWarnings(
+        {
+          enableApiProxy: true,
+          openaiApiTarget: 'openai.internal',
+          anthropicApiTarget: 'anthropic.internal',
+          copilotApiTarget: 'copilot.internal',
+          geminiApiTarget: 'gemini.internal',
+        },
+        ['github.com'],
+        (msg) => warnings.push(msg)
+      );
+      expect(warnings).toHaveLength(4);
+      expect(warnings[3]).toContain('--gemini-api-target=gemini.internal');
+    });
   });
 
   describe('resolveApiTargetsToAllowedDomains', () => {
@@ -2117,6 +2167,28 @@ describe('cli', () => {
       // Whitespace-only and empty values are filtered out
       expect(domains).toHaveLength(0);
     });
+
+    it('should add gemini-api-target option to allowed domains', () => {
+      const domains: string[] = ['github.com'];
+      resolveApiTargetsToAllowedDomains({ geminiApiTarget: 'custom.gemini.internal' }, domains);
+      expect(domains).toContain('custom.gemini.internal');
+      expect(domains).toContain('https://custom.gemini.internal');
+    });
+
+    it('should read GEMINI_API_TARGET from env when flag not set', () => {
+      const domains: string[] = [];
+      const env = { GEMINI_API_TARGET: 'env.gemini.internal' };
+      resolveApiTargetsToAllowedDomains({}, domains, env);
+      expect(domains).toContain('env.gemini.internal');
+    });
+
+    it('should prefer geminiApiTarget option over GEMINI_API_TARGET env var', () => {
+      const domains: string[] = [];
+      const env = { GEMINI_API_TARGET: 'env.gemini.internal' };
+      resolveApiTargetsToAllowedDomains({ geminiApiTarget: 'flag.gemini.internal' }, domains, env);
+      expect(domains).toContain('flag.gemini.internal');
+      expect(domains).not.toContain('env.gemini.internal');
+    });
   });
 
   describe('formatItem', () => {

src/cli.ts

@@ -252,6 +252,8 @@ export function processAgentImageOption(
 export const DEFAULT_OPENAI_API_TARGET = 'api.openai.com';
 /** Default upstream hostname for Anthropic API requests in the api-proxy sidecar */
 export const DEFAULT_ANTHROPIC_API_TARGET = 'api.anthropic.com';
+/** Default upstream hostname for Google Gemini API requests in the api-proxy sidecar */
+export const DEFAULT_GEMINI_API_TARGET = 'generativelanguage.googleapis.com';
 /** Default upstream hostname for GitHub Copilot API requests in the api-proxy sidecar (when running on github.com) */
 export const DEFAULT_COPILOT_API_TARGET = 'api.githubcopilot.com';
 
@@ -345,7 +347,7 @@ export function validateApiTargetInAllowedDomains(
  * @param warn - Function to emit a warning message
  */
 export function emitApiProxyTargetWarnings(
-  config: { enableApiProxy?: boolean; openaiApiTarget?: string; anthropicApiTarget?: string; copilotApiTarget?: string },
+  config: { enableApiProxy?: boolean; openaiApiTarget?: string; anthropicApiTarget?: string; copilotApiTarget?: string; geminiApiTarget?: string },
   allowedDomains: string[],
   warn: (msg: string) => void
 ): void {
@@ -380,6 +382,16 @@ export function emitApiProxyTargetWarnings(
   if (copilotTargetWarning) {
     warn(`⚠️  ${copilotTargetWarning}`);
   }
+
+  const geminiTargetWarning = validateApiTargetInAllowedDomains(
+    config.geminiApiTarget ?? DEFAULT_GEMINI_API_TARGET,
+    DEFAULT_GEMINI_API_TARGET,
+    '--gemini-api-target',
+    allowedDomains
+  );
+  if (geminiTargetWarning) {
+    warn(`⚠️  ${geminiTargetWarning}`);
+  }
 }
 
 /**
@@ -495,6 +507,7 @@ export function resolveApiTargetsToAllowedDomains(
     copilotApiTarget?: string;
     openaiApiTarget?: string;
     anthropicApiTarget?: string;
+    geminiApiTarget?: string;
   },
   allowedDomains: string[],
   env: Record<string, string | undefined> = process.env,
@@ -520,6 +533,12 @@ export function resolveApiTargetsToAllowedDomains(
     apiTargets.push(env['ANTHROPIC_API_TARGET']);
   }
 
+  if (options.geminiApiTarget) {
+    apiTargets.push(options.geminiApiTarget);
+  } else if (env['GEMINI_API_TARGET']) {
+    apiTargets.push(env['GEMINI_API_TARGET']);
+  }
+
   // Auto-populate GHEC domains when GITHUB_SERVER_URL points to a *.ghe.com tenant
   const ghecDomains = extractGhecDomainsFromServerUrl(env);
   if (ghecDomains.length > 0) {
@@ -1371,6 +1390,14 @@ program
     '--anthropic-api-base-path <path>',
     'Base path prefix for Anthropic API requests (e.g. /anthropic)',
   )
+  .option(
+    '--gemini-api-target <host>',
+    'Target hostname for Gemini API requests (default: generativelanguage.googleapis.com)',
+  )
+  .option(
+    '--gemini-api-base-path <path>',
+    'Base path prefix for Gemini API requests',
+  )
   .option(
     '--rate-limit-rpm <n>',
     'Max requests per minute per provider (requires --enable-api-proxy)',
@@ -1751,11 +1778,14 @@ program
       openaiApiKey: process.env.OPENAI_API_KEY,
       anthropicApiKey: process.env.ANTHROPIC_API_KEY,
       copilotGithubToken: process.env.COPILOT_GITHUB_TOKEN,
+      geminiApiKey: process.env.GEMINI_API_KEY,
       copilotApiTarget: options.copilotApiTarget || process.env.COPILOT_API_TARGET,
       openaiApiTarget: options.openaiApiTarget || process.env.OPENAI_API_TARGET,
       openaiApiBasePath: options.openaiApiBasePath || process.env.OPENAI_API_BASE_PATH,
       anthropicApiTarget: options.anthropicApiTarget || process.env.ANTHROPIC_API_TARGET,
       anthropicApiBasePath: options.anthropicApiBasePath || process.env.ANTHROPIC_API_BASE_PATH,
+      geminiApiTarget: options.geminiApiTarget || process.env.GEMINI_API_TARGET,
+      geminiApiBasePath: options.geminiApiBasePath || process.env.GEMINI_API_BASE_PATH,
     };
 
     // Parse and validate --agent-timeout