Summary
Audit on 2026-05-01 found codeflow-engine's main provider abstraction correctly reads OPENAI_BASE_URL and ANTHROPIC_BASE_URL from env, but two action paths bypass that abstraction and construct SDK clients without a base_url argument, so they always go direct to providers regardless of env.
Evidence
Gateway-capable (good)
engine/codeflow_engine/ai/core/providers/manager.py:40,60 — reads OPENAI_BASE_URL and ANTHROPIC_BASE_URL from envengine/codeflow_engine/actions/llm/__init__.py:101 — passes OPENAI_API_BASE to providerengine/codeflow_engine/actions/llm/providers/openai.py:19 — openai.OpenAI(api_key, base_url=self.base_url) (override-aware)desktop/src/schema.json:387,421 — UI schema exposes OPENAI_BASE_URL and ANTHROPIC_BASE_URL settings
Bypass-prone (bad)
engine/codeflow_engine/actions/ai_comment_analyzer.py:43 — openai.OpenAI(api_key=os.getenv("OPENAI_API_KEY")) — no base_url, always directengine/codeflow_engine/actions/llm/providers/anthropic.py:19 — anthropic.Anthropic(...) constructed without base URL overrideengine/codeflow_engine/actions/llm/providers/azure_openai.py:51 — AzureOpenAI(...) reads AZURE_OPENAI_ENDPOINT directlyengine/codeflow_engine/ai/core/providers/manager.py:40,60 — defaults: https://api.openai.com/v1, https://api.anthropic.comtools/quality/production_monitoring.py:18 — hardcoded default https://api.openai.com/v1- Zero references to
sluice, vkey-, or azurecontainerapps.io anywhere in code
Suggested fix
- Code: make
ai_comment_analyzer.py:43 and anthropic.py:19 honor OPENAI_BASE_URL / ANTHROPIC_BASE_URL env vars, matching the pattern in openai.py:19.
- Config: set
OPENAI_BASE_URL=https://pvc-prod-sluice-ca.<region>.azurecontainerapps.io/v1 and ANTHROPIC_BASE_URL=https://pvc-prod-sluice-ca.<region>.azurecontainerapps.io in docker-compose.yml and any K8s manifests.
- Docs: document sluice as the recommended endpoint in
ENVIRONMENT_VARIABLES.md. Use the vkey-codeflow-engine virtual key already issued in pvc-prod-sluice-kv.
See sluice ADR 09 for the keys table and sluice/AGENTS.md routing section for the env-var pattern.
Summary
Audit on 2026-05-01 found codeflow-engine's main provider abstraction correctly reads
OPENAI_BASE_URLandANTHROPIC_BASE_URLfrom env, but two action paths bypass that abstraction and construct SDK clients without abase_urlargument, so they always go direct to providers regardless of env.Evidence
Gateway-capable (good)
engine/codeflow_engine/ai/core/providers/manager.py:40,60— readsOPENAI_BASE_URLandANTHROPIC_BASE_URLfrom envengine/codeflow_engine/actions/llm/__init__.py:101— passesOPENAI_API_BASEto providerengine/codeflow_engine/actions/llm/providers/openai.py:19—openai.OpenAI(api_key, base_url=self.base_url)(override-aware)desktop/src/schema.json:387,421— UI schema exposesOPENAI_BASE_URLandANTHROPIC_BASE_URLsettingsBypass-prone (bad)
engine/codeflow_engine/actions/ai_comment_analyzer.py:43—openai.OpenAI(api_key=os.getenv("OPENAI_API_KEY"))— nobase_url, always directengine/codeflow_engine/actions/llm/providers/anthropic.py:19—anthropic.Anthropic(...)constructed without base URL overrideengine/codeflow_engine/actions/llm/providers/azure_openai.py:51—AzureOpenAI(...)readsAZURE_OPENAI_ENDPOINTdirectlyengine/codeflow_engine/ai/core/providers/manager.py:40,60— defaults:https://api.openai.com/v1,https://api.anthropic.comtools/quality/production_monitoring.py:18— hardcoded defaulthttps://api.openai.com/v1sluice,vkey-, orazurecontainerapps.ioanywhere in codeSuggested fix
ai_comment_analyzer.py:43andanthropic.py:19honorOPENAI_BASE_URL/ANTHROPIC_BASE_URLenv vars, matching the pattern inopenai.py:19.OPENAI_BASE_URL=https://pvc-prod-sluice-ca.<region>.azurecontainerapps.io/v1andANTHROPIC_BASE_URL=https://pvc-prod-sluice-ca.<region>.azurecontainerapps.ioindocker-compose.ymland any K8s manifests.ENVIRONMENT_VARIABLES.md. Use thevkey-codeflow-enginevirtual key already issued inpvc-prod-sluice-kv.See sluice ADR 09 for the keys table and sluice/AGENTS.md routing section for the env-var pattern.