Skip to content

docs: add proxy mode env vars to ENVIRONMENT_VARIABLES.md and link gateway compatibility reference from README #2541

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lpcox merged 2 commits into from
Mar 25, 2026
Merged

docs: add proxy mode env vars to ENVIRONMENT_VARIABLES.md and link gateway compatibility reference from README #2541

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9d09e9a
Initial plan
Copilot Mar 25, 2026
0433599
docs: add proxy mode env vars and gateway compatibility link
Copilot Mar 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,7 @@ This maps ~25 REST URL patterns and GraphQL queries to guard tool names, then ru
| **Guard Response Labeling** | [docs/GUARD_RESPONSE_LABELING.md](docs/GUARD_RESPONSE_LABELING.md) — How guards label MCP responses with secrecy/integrity tags |
| **HTTP Backend Sessions** | [docs/HTTP_BACKEND_SESSION_ID.md](docs/HTTP_BACKEND_SESSION_ID.md) — Session ID management for HTTP transport backends |
| **Architecture Patterns** | [docs/MCP_SERVER_ARCHITECTURE_PATTERNS.md](docs/MCP_SERVER_ARCHITECTURE_PATTERNS.md) — MCP server design patterns and compatibility |
| **Gateway Compatibility** | [docs/GATEWAY_COMPATIBILITY_QUICK_REFERENCE.md](docs/GATEWAY_COMPATIBILITY_QUICK_REFERENCE.md) — Quick reference for gateway compatibility |
| **Security Model** | [docs/aw-security.md](docs/aw-security.md) — Security architecture overview |
| **Contributing** | [CONTRIBUTING.md](CONTRIBUTING.md) — Development setup, building, testing, project structure |

Expand Down
10 changes: 10 additions & 0 deletions docs/ENVIRONMENT_VARIABLES.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,16 @@ When using `run_containerized.sh`, these additional variables are available:
| `DOCKER_HOST` | Docker daemon socket path | `/var/run/docker.sock` |
| `DOCKER_API_VERSION` | Docker API version (set by helper scripts, Docker client auto-negotiates) | Set by querying Docker daemon's current API version; falls back to `1.44` if detection fails |

## Proxy Mode Variables

When running `awmg proxy`, these variables configure the upstream GitHub API:

| Variable | Description | Default |
|----------|-------------|---------|
| `GITHUB_API_URL` | Explicit GitHub API endpoint (e.g., `https://copilot-api.mycompany.ghe.com`); used by proxy to set upstream target | (auto-derived) |
| `GITHUB_SERVER_URL` | GitHub server URL; proxy auto-derives API endpoint: `*.ghe.com` → `copilot-api.*.ghe.com`, GHES → `<host>/api/v3`, `github.com` → `api.github.com` | (falls back to `api.github.com`) |

Copilot AI Mar 25, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The GITHUB_SERVER_URL row implies github.com derives to api.github.com, but the code derives to https://api.github.com and requires a parseable URL (including scheme) for derivation; otherwise it falls back to the default upstream. Consider updating the text/examples to explicitly require https://... and include the scheme in the derived endpoints (and optionally mention www.github.com is treated the same).

Suggested change
| `GITHUB_SERVER_URL` | GitHub server URL; proxy auto-derives API endpoint: `*.ghe.com``copilot-api.*.ghe.com`, GHES → `<host>/api/v3`, `github.com``api.github.com` | (falls back to `api.github.com`) |
| `GITHUB_SERVER_URL` | GitHub server URL (must be a full URL including scheme, for example `https://github.com` or `https://www.github.com`); proxy auto-derives the API endpoint: `https://*.ghe.com``https://copilot-api.*.ghe.com`, GHES → `https://<host>/api/v3`, `https://github.com` / `https://www.github.com` `https://api.github.com` | (falls back to `https://api.github.com` if parsing/derivation fails) |

Copilot uses AI. Check for mistakes.
| `GITHUB_TOKEN` / `GH_TOKEN` | GitHub auth token for the proxy to forward requests | (required) |

Copilot AI Mar 25, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GITHUB_TOKEN/GH_TOKEN is documented as “(required)”, but the proxy token is optional: awmg proxy will forward the client’s Authorization header by default when no fallback token is set. Also, the proxy accepts GITHUB_PERSONAL_ACCESS_TOKEN as an env fallback. Please update this row to reflect the optional behavior and the full env var precedence list.

Suggested change
| `GITHUB_TOKEN` / `GH_TOKEN` | GitHub auth token for the proxy to forward requests | (required) |
| `GITHUB_TOKEN` / `GH_TOKEN` / `GITHUB_PERSONAL_ACCESS_TOKEN` | Optional GitHub auth token fallbacks used by the proxy when the client request has no `Authorization` header | Optional; precedence: client `Authorization` header → `GITHUB_TOKEN``GH_TOKEN``GITHUB_PERSONAL_ACCESS_TOKEN` |

Copilot uses AI. Check for mistakes.

## DIFC / Guard Policy Configuration

These environment variables configure guard policies (e.g., AllowOnly policies for restricting tool access to specific GitHub repositories):
Expand Down
Loading