Context
Follow-up to PR #1704 (merged), which landed AWS Bedrock as a bridge-fronted inference provider. The bridge-fronted shape ships today with:
providers/aws-bedrock.yaml: endpoints: [], binaries: [] — non-egress-granting; operators declare their own bridge egress.
crates/openshell-core/src/inference.rs: AWS_BEDROCK_PROFILE.default_base_url = "" so route resolution rejects providers without BEDROCK_BASE_URL rather than silently forwarding to real AWS.
auth: AuthHeader::None on the router — operator's bridge holds upstream auth in its own pod.
AWS_BEDROCK_PROTOCOLS advertises only buffered aws_bedrock_invoke (/model/{id}/invoke).
AWS_* credentials in the YAML profile are declarative-only (required: false); router does not consume them.
This issue tracks the natural follow-up: direct AWS Bedrock, where the router signs requests itself.
Scope
SigV4 router-side signing. Add AuthHeader::SigV4 { ... } variant in crates/openshell-core/src/inference.rs, consume the four AWS credential map entries (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, AWS_REGION) at outbound request time, and sign every Bedrock request in crates/openshell-router/src/backend.rs. Likely via the aws-sigv4 crate.
Streaming protocol + protocol-aware error framing. Re-add aws_bedrock_invoke_stream (/model/{id}/invoke-with-response-stream) to AWS_BEDROCK_PROTOCOLS and the L7 inference pattern table, but only after the shared streaming relay can emit AWS event-stream-shaped error frames (application/vnd.amazon.eventstream) on truncation/timeout/upstream-error. The current SSE-style error injection corrupts Bedrock event-stream parsers, which is why this was deferred from PR #1704 (feat(sandbox,providers): add aws-bedrock as a recognized inference provider).
Repopulate the profile. Once SigV4 + streaming exist, flip providers/aws-bedrock.yaml to advertise the real AWS endpoint, restore binaries for the Claude CLI, and set the AWS credentials back to required: true with discovery.credentials populated. The bridge-fronted shape continues to work via BEDROCK_BASE_URL override.
{region} placeholder substitution in the YAML profile loader so operators in other regions don't need a full BEDROCK_BASE_URL override.
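The error-framing requirement in the streaming item above, as an added example (not OpenShell code): it encodes and strictly decodes application/vnd.amazon.eventstream messages, so you can see why an SSE-style "event: error" line, a truncated frame or a corrupted frame is rejected by a CRC-checking client while a properly framed exception message is accepted. The exception-type name and message text are constructed values, not taken from the page.

```python
import json
import struct
import zlib
STRING = 7  # event-stream header value type for UTF-8 strings

def encode_frame(headers: dict, payload: bytes) -> bytes:
    """Serialize one application/vnd.amazon.eventstream message (prelude, headers, payload, CRCs)."""
    hdr = b""
    for name, value in headers.items():
        n, v = name.encode(), value.encode()
        hdr += struct.pack(">B", len(n)) + n + struct.pack(">BH", STRING, len(v)) + v
    total = 12 + len(hdr) + len(payload) + 4
    prelude = struct.pack(">II", total, len(hdr))
    msg = prelude + struct.pack(">I", zlib.crc32(prelude)) + hdr + payload
    return msg + struct.pack(">I", zlib.crc32(msg))

def error_frame(exception_type: str, message: str) -> bytes:
    """Exception message in the shape a Bedrock stream consumer expects on relay-side failure."""
    return encode_frame(
        {":message-type": "exception", ":exception-type": exception_type,
         ":content-type": "application/json"},
        json.dumps({"message": message}).encode())

def decode_frame(buf: bytes):
    """Parse and CRC-check one message; ValueError on anything a client parser would reject."""
    if len(buf) < 16:
        raise ValueError("short frame")
    total, hdr_len, prelude_crc = struct.unpack(">III", buf[:12])
    if prelude_crc != zlib.crc32(buf[:8]) or total != len(buf):
        raise ValueError("prelude CRC/length mismatch")
    if struct.unpack(">I", buf[-4:])[0] != zlib.crc32(buf[:-4]):
        raise ValueError("message CRC mismatch")
    headers, pos, end = {}, 12, 12 + hdr_len
    while pos < end:
        n = buf[pos]; pos += 1
        name = buf[pos:pos + n].decode(); pos += n
        vtype, vlen = struct.unpack(">BH", buf[pos:pos + 3]); pos += 3
        if vtype != STRING:
            raise ValueError("unsupported header type")
        headers[name] = buf[pos:pos + vlen].decode(); pos += vlen
    return headers, buf[end:-4]

def decodes(buf: bytes) -> bool:
    """True when a strict event-stream client would accept the bytes as one message."""
    try:
        decode_frame(buf)
        return True
    except (ValueError, struct.error, UnicodeDecodeError):
        return False
```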
Compatibility
The single-profile principle (per @johntmyers on PR #1704: "profiles should be usable as is") means the post-follow-up profile should serve both bridge-fronted and direct-AWS shapes without splitting. Operators continue to use:
Bridge-fronted: --config BEDROCK_BASE_URL=... (no AWS credentials required).
Direct AWS: omit BEDROCK_BASE_URL, provide AWS credentials.
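What router-side signing for the direct-AWS shape amounts to, as an added example written here rather than taken from the project (the real implementation would use the aws-sigv4 crate in Rust): a stdlib-only Python SigV4 signer for POST /model/{id}/invoke that consumes the four credential entries, signs the session token only when present, and applies the spec's second encoding of path segments in the canonical URI. The credentials, model id and timestamp are constructed placeholders.

```python
import hashlib
import hmac
from urllib.parse import quote
SERVICE = "bedrock"  # SigV4 signing name for bedrock-runtime.<region>.amazonaws.com

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_invoke(creds: dict, model_id: str, body: bytes, amz_date: str):
    """Sign POST /model/{model_id}/invoke; amz_date is 'YYYYMMDDTHHMMSSZ' (the router would pass now)."""
    region = creds["AWS_REGION"]
    host = f"bedrock-runtime.{region}.amazonaws.com"
    date = amz_date[:8]
    # Path as sent on the wire: model ids may contain ':' or '/', percent-encoded once here.
    path = f"/model/{quote(model_id, safe='')}/invoke"
    # Canonical URI per the SigV4 spec for non-S3 services: each segment is encoded a second time.
    canonical_uri = "/".join(quote(seg, safe="") for seg in path.split("/"))
    headers = {
        "content-type": "application/json",
        "host": host,
        "x-amz-content-sha256": hashlib.sha256(body).hexdigest(),
        "x-amz-date": amz_date,
    }
    # Temporary (STS) credentials carry a session token; it must be both sent and signed.
    if creds.get("AWS_SESSION_TOKEN"):
        headers["x-amz-security-token"] = creds["AWS_SESSION_TOKEN"]
    signed = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k].strip()}\n" for k in sorted(headers))
    canonical_request = "\n".join(
        ["POST", canonical_uri, "", canonical_headers, signed, headers["x-amz-content-sha256"]])
    scope = f"{date}/{region}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, scope, hashlib.sha256(canonical_request.encode()).hexdigest()])
    # Derive the per-day/region/service key; the raw secret never appears in the request.
    key = ("AWS4" + creds["AWS_SECRET_ACCESS_KEY"]).encode()
    for part in (date, region, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={creds['AWS_ACCESS_KEY_ID']}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    return path, headers

# Constructed placeholder credentials for the example; not real keys.
EXAMPLE_CREDS = {"AWS_ACCESS_KEY_ID": "AKIAEXAMPLEPLACEHOLDER", "AWS_REGION": "us-east-1",
                 "AWS_SECRET_ACCESS_KEY": "example-secret-placeholder",
                 "AWS_SESSION_TOKEN": "example-session-token"}
```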