mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
06afd63f4a
## Why Codex needs to manage Amazon Bedrock API key credentials through the existing auth lifecycle instead of introducing a separate auth manager or provider-specific credential file. Treating Bedrock API key login as a primary auth mode gives it the same persistence, keyring, reload, and logout behavior as the existing OpenAI API key and ChatGPT modes. The credential is valid only for the `amazon-bedrock` model provider. OpenAI-compatible providers must reject this auth mode rather than treating the Bedrock key as an OpenAI bearer token. ## What changed - Added `bedrockApiKey` as an app-server `AuthMode` and `CodexAuth::BedrockApiKey` as a primary `AuthManager` mode. - Added `BedrockApiKeyAuth`, containing the API key and AWS region, to the existing `AuthDotJson` payload stored in `$CODEX_HOME/auth.json` or the configured keyring backend. - Added `login_with_bedrock_api_key(...)`, parallel to `login_with_api_key(...)`, which replaces the current stored login with Bedrock credentials. - Reused generic auth reload and logout behavior instead of adding a Bedrock-specific auth manager or logout path. - Updated login restrictions, status reporting, diagnostics, telemetry classification, generated app-server schemas, and auth fixtures for the new mode. - Added explicit errors when Bedrock API key auth is selected with an OpenAI-compatible model provider. This PR establishes managed storage and auth-mode behavior. Routing the managed key and region into Amazon Bedrock requests will be in follow-up PRs.
93 lines
2.2 KiB
JSON
Generated
93 lines
2.2 KiB
JSON
Generated
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"definitions": {
|
|
"AuthMode": {
|
|
"description": "Authentication mode for OpenAI-backed providers.",
|
|
"oneOf": [
|
|
{
|
|
"description": "OpenAI API key provided by the caller and stored by Codex.",
|
|
"enum": [
|
|
"apikey"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"description": "ChatGPT OAuth managed by Codex (tokens persisted and refreshed by Codex).",
|
|
"enum": [
|
|
"chatgpt"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"description": "[UNSTABLE] FOR OPENAI INTERNAL USE ONLY - DO NOT USE.\n\nChatGPT auth tokens are supplied by an external host app and are only stored in memory. Token refresh must be handled by the external host app.",
|
|
"enum": [
|
|
"chatgptAuthTokens"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"description": "Programmatic Codex auth backed by a registered Agent Identity.",
|
|
"enum": [
|
|
"agentIdentity"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"description": "Programmatic Codex auth backed by a personal access token.",
|
|
"enum": [
|
|
"personalAccessToken"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"description": "Amazon Bedrock bearer token managed by Codex.",
|
|
"enum": [
|
|
"bedrockApiKey"
|
|
],
|
|
"type": "string"
|
|
}
|
|
]
|
|
},
|
|
"PlanType": {
|
|
"enum": [
|
|
"free",
|
|
"go",
|
|
"plus",
|
|
"pro",
|
|
"prolite",
|
|
"team",
|
|
"self_serve_business_usage_based",
|
|
"business",
|
|
"enterprise_cbp_usage_based",
|
|
"enterprise",
|
|
"edu",
|
|
"unknown"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"properties": {
|
|
"authMode": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/AuthMode"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"planType": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/PlanType"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"title": "AccountUpdatedNotification",
|
|
"type": "object"
|
|
} |