feat: add AI Bridge Proxy support to copilot module#725
feat: add AI Bridge Proxy support to copilot module#725ssncferreira wants to merge 4 commits intossncf/feat-aibridge-proxy-modulefrom
Conversation
|
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
ssncferreira
force-pushed
the
ssncf/feat-aibridge-proxy-module
branch
from
6fe9982 to
89718e0
Compare
ssncferreira
force-pushed
the
ssncf/feat-copilot-aibridge-proxy
branch
3 times, most recently
from
610f44b to
7fd6d4a
Compare
ssncferreira
force-pushed
the
ssncf/feat-aibridge-proxy-module
branch
from
89718e0 to
b4d4d04
Compare
ssncferreira
force-pushed
the
ssncf/feat-copilot-aibridge-proxy
branch
3 times, most recently
from
2f3edbf to
25171fc
Compare
| # These are inherited by the agentapi/copilot process below, | ||
| # but do not affect other workspace processes, avoiding routing | ||
| # unnecessary traffic through the proxy. | ||
| export HTTPS_PROXY="$ARG_AIBRIDGE_PROXY_AUTH_URL" |
There was a problem hiding this comment.
Testing with HTTP_PROXY revealed a bug in AI Bridge Proxy (coder/internal#1351), where plain HTTP requests are always rejected with 407. This caused issues with agentapi, which makes HTTP requests to Coder endpoints that were being routed through the proxy. After thinking this through, we should probably recommend only setting HTTPS_PROXY since we only need to intercept requests to AI providers, which all use https. Not setting HTTP_PROXY means http traffic goes direct without passing through the proxy. However, since these two env variables are generally set together, it should still work with the AI Bridge Proxy.
ssncferreira
requested review from
DevelopmentCats,
dannykopping and
matifali
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 25171fc73e
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| default = false | ||
|
|
||
| validation { | ||
| condition = !var.enable_aibridge_proxy || length(var.aibridge_proxy_auth_url) > 0 |
There was a problem hiding this comment.
This validation references another input (var.aibridge_proxy_auth_url) from inside the enable_aibridge_proxy variable block, which requires Terraform 1.9+ for cross-variable validation expressions. The module still declares required_version = ">= 1.0", so consumers on Terraform 1.0–1.8 will fail during configuration loading/plan even if enable_aibridge_proxy is left at its default. Please either bump required_version to >= 1.9 or move this check to a resource precondition that works with older versions.
Useful? React with 👍 / 👎.
| variable "aibridge_proxy_auth_url" { | ||
| type = string | ||
| description = "AI Bridge Proxy URL with authentication. Use the proxy_auth_url output from the aibridge-proxy module." | ||
| default = "" |
There was a problem hiding this comment.
| default = "" | |
| default = null |
| variable "aibridge_proxy_cert_path" { | ||
| type = string | ||
| description = "Path to the AI Bridge Proxy CA certificate. Use the cert_path output from the aibridge-proxy module." | ||
| default = "" |
There was a problem hiding this comment.
| default = "" | |
| default = null |
| ```tf | ||
| module "aibridge-proxy" { | ||
| source = "registry.coder.com/coder/aibridge-proxy/coder" | ||
| version = "1.0.0" | ||
| agent_id = coder_agent.main.id | ||
| proxy_url = "https://aiproxy.example.com" | ||
| } | ||
|
|
||
| module "copilot" { | ||
| source = "registry.coder.com/coder-labs/copilot/coder" | ||
| version = "0.4.0" | ||
| agent_id = coder_agent.main.id | ||
| workdir = "/home/coder/projects" | ||
| enable_aibridge_proxy = true | ||
| aibridge_proxy_auth_url = module.aibridge-proxy.proxy_auth_url | ||
| aibridge_proxy_cert_path = module.aibridge-proxy.cert_path | ||
| } | ||
| ``` |
There was a problem hiding this comment.
How do we ensure that prxy is ready configured before the Copilot module starts up the Copilot CLI?
There was a problem hiding this comment.
consider using https://coder.com/docs/admin/templates/startup-coordination
ssncferreira
force-pushed
the
ssncf/feat-copilot-aibridge-proxy
branch
from
bf49c26 to
93e107d
Compare
ssncferreira
force-pushed
the
ssncf/feat-copilot-aibridge-proxy
branch
from
e0d1fe4 to
a9e60bd
Compare
2 participants
Description
Add AI Bridge Proxy support to the copilot module. When enabled, the module configures proxy environment variables (
HTTPS_PROXY,NODE_EXTRA_CA_CERTS) scoped to the copilot process tree (agentapi and copilot), routing Copilot traffic through AI Bridge Proxy without affecting other workspace traffic.GitHub authentication is still required, the proxy authenticates with AI Bridge using the Coder session token but does not replace GitHub authentication.
Type of Change
Module Information
Path:
registry/coder-labs/modules/copilotNew version:
v0.4.0Breaking change: [ ] Yes [x] No
Testing & Validation
bun test)bun fmt)Related Issues
Depends on: #721
Related to: coder/internal#1187