feat: add AI Bridge Proxy support to copilot module#725
feat: add AI Bridge Proxy support to copilot module#725ssncferreira wants to merge 7 commits intossncf/feat-aibridge-proxy-modulefrom
Conversation
|
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
ssncferreira
force-pushed
the
ssncf/feat-aibridge-proxy-module
branch
from
6fe9982 to
89718e0
Compare
ssncferreira
force-pushed
the
ssncf/feat-copilot-aibridge-proxy
branch
3 times, most recently
from
610f44b to
7fd6d4a
Compare
ssncferreira
force-pushed
the
ssncf/feat-aibridge-proxy-module
branch
from
89718e0 to
b4d4d04
Compare
ssncferreira
force-pushed
the
ssncf/feat-copilot-aibridge-proxy
branch
3 times, most recently
from
2f3edbf to
25171fc
Compare
| # These are inherited by the agentapi/copilot process below, | ||
| # but do not affect other workspace processes, avoiding routing | ||
| # unnecessary traffic through the proxy. | ||
| export HTTPS_PROXY="$ARG_AIBRIDGE_PROXY_AUTH_URL" |
There was a problem hiding this comment.
Testing with HTTP_PROXY revealed a bug in AI Bridge Proxy (coder/internal#1351), where plain HTTP requests are always rejected with 407. This caused issues with agentapi, which makes HTTP requests to Coder endpoints that were being routed through the proxy. After thinking this through, we should probably recommend only setting HTTPS_PROXY since we only need to intercept requests to AI providers, which all use https. Not setting HTTP_PROXY means http traffic goes direct without passing through the proxy. However, since these two env variables are generally set together, it should still work with the AI Bridge Proxy.
ssncferreira
requested review from
DevelopmentCats,
dannykopping and
matifali
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 25171fc73e
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| default = false | ||
|
|
||
| validation { | ||
| condition = !var.enable_aibridge_proxy || length(var.aibridge_proxy_auth_url) > 0 |
There was a problem hiding this comment.
This validation references another input (var.aibridge_proxy_auth_url) from inside the enable_aibridge_proxy variable block, which requires Terraform 1.9+ for cross-variable validation expressions. The module still declares required_version = ">= 1.0", so consumers on Terraform 1.0–1.8 will fail during configuration loading/plan even if enable_aibridge_proxy is left at its default. Please either bump required_version to >= 1.9 or move this check to a resource precondition that works with older versions.
Useful? React with 👍 / 👎.
| ```tf | ||
| module "aibridge-proxy" { | ||
| source = "registry.coder.com/coder/aibridge-proxy/coder" | ||
| version = "1.0.0" | ||
| agent_id = coder_agent.main.id | ||
| proxy_url = "https://aiproxy.example.com" | ||
| } | ||
|
|
||
| module "copilot" { | ||
| source = "registry.coder.com/coder-labs/copilot/coder" | ||
| version = "0.4.0" | ||
| agent_id = coder_agent.main.id | ||
| workdir = "/home/coder/projects" | ||
| enable_aibridge_proxy = true | ||
| aibridge_proxy_auth_url = module.aibridge-proxy.proxy_auth_url | ||
| aibridge_proxy_cert_path = module.aibridge-proxy.cert_path | ||
| } | ||
| ``` |
There was a problem hiding this comment.
How do we ensure that prxy is ready configured before the Copilot module starts up the Copilot CLI?
There was a problem hiding this comment.
consider using https://coder.com/docs/admin/templates/startup-coordination
ssncferreira
force-pushed
the
ssncf/feat-copilot-aibridge-proxy
branch
2 times, most recently
from
e0d1fe4 to
a9e60bd
Compare
ssncferreira
force-pushed
the
ssncf/feat-aibridge-proxy-module
branch
from
7a8034e to
52925f5
Compare
ssncferreira
force-pushed
the
ssncf/feat-copilot-aibridge-proxy
branch
from
84b32ac to
6432579
Compare
ssncferreira
force-pushed
the
ssncf/feat-copilot-aibridge-proxy
branch
from
6432579 to
f415d6c
Compare
2 participants
Description
Add AI Bridge Proxy support to the copilot module. When enabled, the module configures proxy environment variables (
HTTPS_PROXY,NODE_EXTRA_CA_CERTS) scoped to the copilot process tree (agentapi and copilot), routing Copilot traffic through AI Bridge Proxy without affecting other workspace traffic.GitHub authentication is still required, the proxy authenticates with AI Bridge using the Coder session token but does not replace GitHub authentication.
Note: Uses coder exp sync for startup coordination, ensuring the copilot module waits for the
aibridge-proxysetup to complete before starting.Type of Change
Module Information
Path:
registry/coder-labs/modules/copilotNew version:
v0.4.0Breaking change: [ ] Yes [x] No
Testing & Validation
bun test)bun fmt)Related Issues
Depends on: #721
Related to: coder/internal#1187