Commit 537d671
chore: bump smoke-codex mcpg to v0.2.26 for debugging (#2123)
* chore: bump smoke-codex mcpg to v0.2.26
Update ghcr.io/github/gh-aw-mcpg from v0.2.22 to v0.2.26 in the
smoke-codex lock file to debug Codex MCP tool discovery issues.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: inject MCP gateway connection into Codex config.toml
The compiled config.toml had backend MCP server definitions
(container=, guard-policies, entrypointArgs) in mcpg gateway format
that Codex doesn't understand. Codex expects 'command'+'args' (stdio)
or 'url' (HTTP/SSE) fields. This caused dynamic_tool_count=0 at
startup — Codex had zero MCP tools available.
Fix: Before running Codex, rewrite config.toml to replace the backend
server definitions with a single gateway SSE entry pointing to the
already-running MCP gateway at host.docker.internal:$MCP_GATEWAY_PORT.
This gives Codex access to all 31 aggregated tools (playwright,
safeoutputs, etc.) through the gateway.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* ci: add API key validation step before Codex execution
Adds diagnostic step to verify:
- OpenAI API key validity (curl /v1/models)
- AWF_GATEWAY_TOKEN matches MCP_GATEWAY_API_KEY
- Gateway auth works from host (127.0.0.1)
- Gateway auth works via host.docker.internal
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: use converter-generated config instead of manual MCP config
Root cause: The gateway generates auth headers (HMAC-signed tokens) that
differ from the raw MCP_GATEWAY_API_KEY. The converter script
(convert_gateway_config_codex.cjs) correctly reads these from the
gateway output, but writes to ${RUNNER_TEMP}/gh-aw/mcp-config/ while
CODEX_HOME is /tmp/gh-aw/mcp-config — different paths.
Fix: Copy the converter's output (with correct auth headers and
172.30.0.1 resolved URLs) to CODEX_HOME, prepending the
shell_environment_policy that the converter doesn't generate.
Also update validation step to test with the converter's auth header
instead of the raw API key.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: configure OpenCode to use OpenAI provider via Copilot API proxy
OpenCode defaults to Google Gemini (gemini-3-pro-preview) which requires
GOOGLE_GENERATIVE_AI_API_KEY. The workflow only has COPILOT_GITHUB_TOKEN
routed through the api-proxy on port 10004 as OPENAI_API_KEY.
Set model to openai/gpt-4.1 in the opencode.jsonc config so OpenCode
uses the OpenAI provider, which routes through the Copilot API proxy.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: configure OpenCode with custom copilot-proxy provider
OpenCode doesn't auto-register providers from env vars alone - it needs
either /connect auth or explicit provider config. Configure a custom
'copilot-proxy' provider using @ai-sdk/openai-compatible pointing to
the AWF api-proxy at port 10004, and pre-populate auth.json with the
Copilot token.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: use api-proxy internal IP for OpenCode baseURL
Inside the AWF container, host.docker.internal may not resolve or may
be blocked by iptables. The api-proxy is directly reachable at
172.30.0.30:10004 on the Docker network.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: add api.openai.com to OpenCode allowed domains
The api-proxy port 10004 routes via OPENAI_API_KEY to api.openai.com.
Squid was blocking that upstream request with 403 TCP_DENIED.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: route OpenCode via Copilot, not OpenAI
Remove OPENAI_API_KEY from workflow env so the api-proxy's port 10004
falls through to the Copilot route (COPILOT_GITHUB_TOKEN) instead of
routing to api.openai.com with an invalid key.
The api-proxy resolveOpenCodeRoute priority is:
OPENAI_API_KEY > ANTHROPIC_API_KEY > Copilot token
With OPENAI_API_KEY removed, it uses the Copilot token to route
to api.githubcopilot.com (already in allowed domains).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: pass COPILOT_GITHUB_TOKEN to api-proxy
Without COPILOT_GITHUB_TOKEN in the Execute step env, AWF doesn't
pass it to the api-proxy container. The api-proxy then has no
credentials and port 10004 never starts (ConnectionRefused).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: remove /v1 prefix from OpenCode baseURL
The Copilot API at api.githubcopilot.com uses /chat/completions
(no /v1 prefix). The @ai-sdk/openai-compatible provider appends
/chat/completions to baseURL, so with /v1 it was sending
/v1/chat/completions which returned 404.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: add MCP gateway connection to OpenCode config
OpenCode was not connecting to the MCP gateway for safe-output tools.
The agent ran successfully (LLM calls worked) but never called
add_comment because it had no MCP server configured.
Add 'mcp.safeoutputs' config to opencode.jsonc pointing to the
MCP gateway at host.docker.internal:<port> with proper auth header.
This matches how Codex connects to the gateway via HTTP MCP.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: use routed gateway path /mcp/safeoutputs for OpenCode MCP
The MCP gateway runs in routed mode with paths like /mcp/<server>.
OpenCode was connecting to the root URL (port 80) which returned 404.
Fix the URL to include the server-specific route path.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: add external_directory/mcp permissions and instructions for OpenCode
Three fixes:
1. Add 'external_directory: allow' - prevents auto-reject of file
creation in /tmp when running in non-interactive 'run' mode
2. Add 'mcp: allow' - explicitly allow MCP tool calls
3. Add 'instructions' with explicit guidance to use safeoutputs MCP
tools (add_comment) instead of gh CLI for GitHub writes
The model was completing after one turn of bash calls without ever
calling the MCP safe-output tools (add_comment).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: use 'permission' not 'permissions' in OpenCode agent config
The OpenCode agent config field is 'permission' (singular) not
'permissions' (plural). The wrong key was silently moved to 'options'
by the normalize() function, so external_directory permission was
never applied.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

1 parent 00f42da commit 537d671
2 files changed in .github/workflows: +127 -8 lines changed