[docs] Self-healing documentation fixes from issue analysis - 2026-03-12

[github-actions]

Self-Healing Documentation Fixes

This PR was automatically created by the Daily Documentation Healer workflow.

Gaps Fixed

• PR feat: support custom OpenAI and Anthropic API targets in AWF sandbox #20631 undocumented custom API endpoint routing — Added a new "Custom API Endpoints" subsection to the Engine Environment Variables section of engines.md. PR feat: support custom OpenAI and Anthropic API targets in AWF sandbox #20631 (merged 2026-03-12T14:02Z) adds support for OPENAI_BASE_URL and ANTHROPIC_BASE_URL in engine.env, causing the AWF sandbox proxy to automatically route API calls to a custom host instead of the hardcoded api.openai.com/api.anthropic.com. This enables internal LLM routers, Azure OpenAI deployments, and other custom endpoints to work with AWF's credential isolation and firewall features. The behavior was not documented anywhere in the reference docs.

Root Cause

DDUw ran at ~04:25 UTC on 2026-03-12 and produced PR #20632 (documenting --skip-secret, Codex web-search default, draft policy, and push-to-pull-request-branch warnings). PR #20631 was merged at 14:02 UTC — nearly 10 hours after DDUw completed. This is the same late-UTC-day blind-spot pattern documented in healer runs #20254, #20412, and #20569: features merged in the afternoon UTC window fall entirely outside DDUw's single early-morning scan.

DDUw Improvement Suggestions

1. Run DDUw twice daily (e.g. 06:00 UTC and 20:00 UTC) to halve the blind-spot window. This is the fourth consecutive healer run identifying a late-UTC-day merge as the root cause.
2. Expand DDUw's scan window to 36 hours with deduplication. A wider look-back would reliably catch features merged late in the prior UTC day regardless of schedule.

Analyzed Issues (last 7 days, label: documentation, state: closed)

Issue	Title	DDUw or human addressed?	Action
#20663	dependencies: documentation undersells APM	Addressed by Copilot PR #20674 (merged same day)	No action
#20646	Invalid HTML anchor in CONTRIBUTING.md	Addressed by Copilot PR #20681 (merged same day)	No action
#20675	[cli-consistency] CLI Consistency Issues - 2026-03-12	not_planned — CLI binary help text, not docs/	No action
#20370	[cli-consistency] Help Flag Descriptions	Addressed (prior healer run #20569 confirmed)	No action
#20248	Improve actionability of failure issues	Addressed by PR #20266 (prior healer run #20569 confirmed)	No action
#20241	Staged mode needs better docs	Addressed by PR #20269 (prior healer run #20569 confirmed)	No action
#20218	[cli-consistency] Missing Flags	Addressed by PR #20272 (prior healer run #20569 confirmed)	No action
#19866–19601	Various [cli-consistency] / research issues	CLI binary or research — not docs/ content	No action

The custom API endpoint gap was discovered by cross-referencing commits merged after DDUw's last run, not from a closed issue.

Files Changed

• docs/src/content/docs/reference/engines.md — added "Custom API Endpoints" subsection documenting OPENAI_BASE_URL / ANTHROPIC_BASE_URL special handling in engine.env

Related

• feat: support custom OpenAI and Anthropic API targets in AWF sandbox #20631 — feat: support custom OpenAI and Anthropic API targets in AWF sandbox (merged 2026-03-12T14:02Z, after DDUw's ~04:25Z run)
• [docs] Update documentation for features from 2026-03-12 #20632 — DDUw PR for 2026-03-12 (did not cover feat: support custom OpenAI and Anthropic API targets in AWF sandbox #20631 due to timing)
• [docs] Self-healing documentation fixes from issue analysis - 2026-03-11 #20569 — Previous doc-healer PR (same late-merge timing pattern)

References:

• §23019703296

Generated by Daily Documentation Healer · ◷

• expires on Mar 15, 2026, 7:27 PM UTC

[Copilot]

Pull request overview

Adds missing documentation for custom upstream LLM API endpoint routing when OPENAI_BASE_URL / ANTHROPIC_BASE_URL are set in engine.env, aligning docs with behavior introduced in #20631.

Changes:

• Documented OPENAI_BASE_URL and ANTHROPIC_BASE_URL special handling in engine.env
• Added examples showing how to pair custom endpoints with network.allowed
• Described compile-time flag forwarding to AWF (--openai-api-target / --anthropic-api-target)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

This paragraph currently says “The custom hostname is extracted … No additional configuration is required.” Two accuracy issues: (1) the implementation extracts the host (and optional port), and ignores scheme/path; calling it only a “hostname” is slightly misleading, especially for localhost/ports. (2) Workflows typically still need to allow the extracted host in network.allowed (as your example already notes), so “no additional configuration” is easy to misread. Suggest rephrasing to explicitly say it forwards the extracted host[:port] as --openai-api-target/--anthropic-api-target, and that you may need to add the domain to network.allowed for the firewall.

Suggested change

	The custom hostname is extracted from the URL and passed to the AWF `--openai-api-target` or `--anthropic-api-target` flag automatically at compile time. No additional configuration is required.
	The custom host (including any port) is extracted from the base URL (scheme and path are ignored) and automatically forwarded at compile time as the AWF `--openai-api-target` or `--anthropic-api-target` flag. You may still need to add the extracted host (and port, if applicable) to `network.allowed` so the firewall permits outbound requests.

[Copilot]

The term “AWF sandbox proxy” isn’t used elsewhere in the docs and may be confusing/inconsistent with established terminology (“AWF firewall” / “API proxy sidecar”). Consider renaming this to match existing docs terminology, or add a brief link/clarifier to the network/firewall docs (e.g., docs/src/content/docs/reference/network.md:10,180).

Suggested change

Two environment variables receive special treatment when set in `engine.env`: `OPENAI_BASE_URL` (for `codex`) and `ANTHROPIC_BASE_URL` (for `claude`). When either is present, the AWF sandbox proxy automatically routes API calls to the specified host instead of the default `api.openai.com` or `api.anthropic.com`. Credential isolation and firewall enforcement remain active.

Two environment variables receive special treatment when set in `engine.env`: `OPENAI_BASE_URL` (for `codex`) and `ANTHROPIC_BASE_URL` (for `claude`). When either is present, the AWF API proxy sidecar automatically routes API calls to the specified host instead of the default `api.openai.com` or `api.anthropic.com`, while the [AWF firewall](/gh-aw/reference/network/#firewall) continues to enforce outbound network policy and credential isolation.