feat: byok-observability for aibridge

[evgeniy-scherbina]

Summary

Records credential metadata on each AI Bridge interception, enabling admins to see how requests were authenticated and identify which credential was used.

Each provider's CreateInterceptor now captures two new fields on the interceptor:

• credential_kind: centralized, personal_api_key, or subscription
• credential_hint: masked credential for audit (e.g. sk-a...(13)...efgh)

Changes

• Extended Interceptor interface with SetCredential, CredentialKind, and CredentialHint, backed by an embeddable CredentialFields helper
• Each provider sets credential metadata in CreateInterceptor:
  • OpenAI: centralized (admin key) or personal (Bearer token)
  • Anthropic: centralized, personal_api_key (X-Api-Key), or subscription (Bearer token)
  • Copilot: always subscription
• Improved MaskSecret to embed hidden character count (e.g. sk-a...(13)...efgh instead of sk-a*************efgh)

Relates to coder/coder#23808

[ssncferreira]

Isn't setting credHint missing here? Also, we should probably check if cfg.key is empty (chatgpt case), and error if the credential key is empty.

[evgeniy-scherbina]

Isn't setting credHint missing here?

Actually - no, it's later used like this:

interceptor.SetCredential(credKind, utils.MaskSecret(cfg.Key))

It's easier for openai case, because authz header is always used.

---

if cfg.key is empty (chatgpt case), and error if the credential key is empty

Yeah, I remember about this. I can add in this PR.

[evgeniy-scherbina]

@ssncferreira

if cfg.key is empty (chatgpt case), and error if the credential key is empty

We already know that claude (maybe other clients) send HEAD requests without authentication, maybe we don't need it?

Also I think it's not specific to chatgpt case.

[ssncferreira]

My suggestion was to use a credSecret := cfg.Key like we do in Anthropic, instead of setting cfg.Key directly.

Regarding the empty key, I think this case can still happen, where we proceed to the interceptors with an empty key. This would likely be a misconfiguration, e.g., someone using the ChatGPT provider (no key configured) without an actual subscription. I assume in this case, the upstream provider would return a 401, but I think aibridge should catch this early and fail fast rather than sending a request it knows will fail. Claude Code already does this: it errors when no key is configured.

This applies to all providers, not just OpenAI, so I'm fine with addressing it separately 🙂

[evgeniy-scherbina]

My suggestion was to use a credSecret := cfg.Key like we do in Anthropic, instead of setting cfg.Key directly.

In Anthropic it's a bit different, we have 2 fields in config:

• Key
• BYOKBearerToken
  So I had to use credSecret := cfg.Key. In OpenAI implementation is easier.

Instead of setting cfg.Key

We set cfg.Key in Anthropic as well.

Regarding the empty key, I think this case can still happen, where we proceed to the interceptors with an empty key.

Theoretically it may be possible. My main concern that as we already know, request without authenticate maybe a valid request (e.g. ClaudeCode sending HEAD healthcheck request).
So I wasn't sure if we want to intervene and fail every request without authentication?

[ssncferreira]

I think for now we need to assume that all requests that reach this point have been authenticated by coder (HEAD requests without auth do not get this far).
The case I was mentioning is the case where the user is correctly authenticated via coder, but not sending any authentication to the upstream provider. This is an edge case, and as we talked yesterday, we can address this after 🙂

[evgeniy-scherbina]

@ssncferreira yeah, let's address later

The case I was mentioning is the case where the user is correctly authenticated via coder, but not sending any authentication to the upstream provider.

I meant the same. e.g. agent sent Coder-Token, but didn't send LLM token. I didn't want to fail such request, because it maybe valid request (e.g. healthcheck)?

[ssncferreira]

I think we are missing adding the credential info to the logs, especially for error cases like 401/403/429

[evgeniy-scherbina]

@ssncferreira

I think we are missing adding the credential info to the logs, especially for error cases like 401/403/429

I extended logger with credential info in newInterceptionProcessor where we call interceptor.ProcessRequest(rw, r).
It should capture all cases you mentioned.

[ssncferreira]

My suggestion was to use a credSecret := cfg.Key like we do in Anthropic, instead of setting cfg.Key directly.

Regarding the empty key, I think this case can still happen, where we proceed to the interceptors with an empty key. This would likely be a misconfiguration, e.g., someone using the ChatGPT provider (no key configured) without an actual subscription. I assume in this case, the upstream provider would return a 401, but I think aibridge should catch this early and fail fast rather than sending a request it knows will fail. Claude Code already does this: it errors when no key is configured.

This applies to all providers, not just OpenAI, so I'm fine with addressing it separately 🙂

[dannykopping]

LGTM!

[dannykopping]

Can you please add a follow-up to make these more useful as previously discussed? Not sure what happened to my comment.

[evgeniy-scherbina]

I added logging of secret_length as we discussed:

aibridge/bridge.go

Lines 249 to 250 in fefb191

	slog.F("credential_hint", cred.Hint),
	slog.F("credential_length", cred.Length),

On the call consensus was to use short format to avoid wasting DB space.

If you refer to the fact that whole secret is masked, it's by design? Because secret is too short to reveal smth. (shouldn't happen with real providers).

I think this was your original comment: #239 (comment)

But okay, I'll create follow-up PR on that.

[ssncferreira]

LGTM 🚀

[ssncferreira]

I think for now we need to assume that all requests that reach this point have been authenticated by coder (HEAD requests without auth do not get this far).
The case I was mentioning is the case where the user is correctly authenticated via coder, but not sending any authentication to the upstream provider. This is an edge case, and as we talked yesterday, we can address this after 🙂

[ssncferreira]

small nit: I prefer ... instead of ***. The latter is generally associated with censored words, which is not the case.

[evgeniy-scherbina]

okay, I'll replace considering Anthropic and OpenAI use ..., and we use it here: https://github.com/coder/aibridge/blob/main/intercept/apidump/headers.go#L25

I remember @dannykopping proposed ***, so I kept ***.

[evgeniy-scherbina]

done

[ssncferreira]

I'm wondering if it makes sense to add the github token here 🤔 I don't think the copilot case fits the reasoning for logging and debugging on the UI.

[evgeniy-scherbina]

@ssncferreira
I had very similar proposal, see: #216 (comment)