coder
diff --git a/‎cli/testdata/coder_server_--help.golden‎
Lines changed: 14 additions & 0 deletions b/‎cli/testdata/coder_server_--help.golden‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎cli/testdata/server-config.yaml.golden‎
Lines changed: 13 additions & 0 deletions b/‎cli/testdata/server-config.yaml.golden‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎coderd/apidoc/docs.go‎
Lines changed: 20 additions & 0 deletions b/‎coderd/apidoc/docs.go‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json‎
Lines changed: 20 additions & 0 deletions b/‎coderd/apidoc/swagger.json‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎codersdk/deployment.go‎
Lines changed: 56 additions & 0 deletions b/‎codersdk/deployment.go‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎docs/reference/api/general.md‎
Lines changed: 6 additions & 0 deletions b/‎docs/reference/api/general.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎docs/reference/api/schemas.md‎
Lines changed: 39 additions & 0 deletions b/‎docs/reference/api/schemas.md‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎docs/reference/cli/server.md‎
Lines changed: 42 additions & 0 deletions b/‎docs/reference/cli/server.md‎
Lines changed: 42 additions & 0 deletions
@@ -139,6 +139,20 @@ AI BRIDGE OPTIONS:
           Maximum number of AI Bridge requests per second per replica. Set to 0
           to disable (unlimited).
 
+AI PROXY OPTIONS: 
+      --aiproxy-cert-file string, $CODER_AIPROXY_CERT_FILE
+          Path to the CA certificate file for MITM.
+
+      --aiproxy-enabled bool, $CODER_AIPROXY_ENABLED (default: false)
+          Enable the AI MITM proxy for intercepting and decrypting AI provider
+          requests.
+
+      --aiproxy-key-file string, $CODER_AIPROXY_KEY_FILE
+          Path to the CA private key file for MITM.
+
+      --aiproxy-listen-addr string, $CODER_AIPROXY_LISTEN_ADDR (default: :8888)
+          The address the AI proxy will listen on.
+
 CLIENT OPTIONS: 
 These options change the behavior of how clients interact with the Coder.
 Clients include the Coder CLI, Coder Desktop, IDE extensions, and the web UI.
 
@@ -765,6 +765,19 @@ aibridge:
   # (unlimited).
   # (default: 0, type: int)
   rateLimit: 0
+aiproxy:
+  # Enable the AI MITM proxy for intercepting and decrypting AI provider requests.
+  # (default: false, type: bool)
+  enabled: false
+  # The address the AI proxy will listen on.
+  # (default: :8888, type: string)
+  listen_addr: :8888
+  # Path to the CA certificate file for MITM.
+  # (default: <unset>, type: string)
+  cert_file: ""
+  # Path to the CA private key file for MITM.
+  # (default: <unset>, type: string)
+  key_file: ""
 # Configure data retention policies for various database tables. Retention
 # policies automatically purge old data to reduce database size and improve
 # performance. Setting a retention duration to 0 disables automatic purging for
 
@@ -1217,6 +1217,10 @@ func (c *DeploymentValues) Options() serpent.OptionSet {
  Name: "AI Bridge",
  YAML: "aibridge",
 		}
+ deploymentGroupAIProxy = serpent.Group{
+ Name: "AI Proxy",
+ YAML: "aiproxy",
+		}
  deploymentGroupRetention = serpent.Group{
  Name:        "Retention",
  Description: "Configure data retention policies for various database tables. Retention policies automatically purge old data to reduce database size and improve performance. Setting a retention duration to 0 disables automatic purging for that data type.",
@@ -3443,6 +3447,50 @@ Write out the current server config as YAML to stdout.`,
  Group:       &deploymentGroupAIBridge,
  YAML:        "rateLimit",
 		},
+
+ // AI Proxy Options
+		{
+ Name:        "AI Proxy Enabled",
+ Description: "Enable the AI MITM proxy for intercepting and decrypting AI provider requests.",
+ Flag:        "aiproxy-enabled",
+ Env:         "CODER_AIPROXY_ENABLED",
+ Value:       &c.AI.ProxyConfig.Enabled,
+ Default:     "false",
+ Group:       &deploymentGroupAIProxy,
+ YAML:        "enabled",
+		},
+		{
+ Name:        "AI Proxy Listen Address",
+ Description: "The address the AI proxy will listen on.",
+ Flag:        "aiproxy-listen-addr",
+ Env:         "CODER_AIPROXY_LISTEN_ADDR",
+ Value:       &c.AI.ProxyConfig.ListenAddr,
+ Default:     ":8888",
+ Group:       &deploymentGroupAIProxy,
+ YAML:        "listen_addr",
+		},
+		{
+ Name:        "AI Proxy Certificate File",
+ Description: "Path to the CA certificate file for MITM.",
+ Flag:        "aiproxy-cert-file",
+ Env:         "CODER_AIPROXY_CERT_FILE",
+ Value:       &c.AI.ProxyConfig.CertFile,
+ Default:     "",
+ Group:       &deploymentGroupAIProxy,
+ YAML:        "cert_file",
+		},
+		{
+ Name:        "AI Proxy Key File",
+ Description: "Path to the CA private key file for MITM.",
+ Flag:        "aiproxy-key-file",
+ Env:         "CODER_AIPROXY_KEY_FILE",
+ Value:       &c.AI.ProxyConfig.KeyFile,
+ Default:     "",
+ Group:       &deploymentGroupAIProxy,
+ YAML:        "key_file",
+ Annotations: serpent.Annotations{}.Mark(annotationSecretKey, "true"),
+		},
+
  // Retention settings
 		{
  Name:        "Audit Logs Retention",
@@ -3535,8 +3583,16 @@ type AIBridgeBedrockConfig struct {
  SmallFastModel  serpent.String `json:"small_fast_model" typescript:",notnull"`
 }
 
+type AIProxyConfig struct {
+ Enabled    serpent.Bool `json:"enabled" typescript:",notnull"`
+ ListenAddr serpent.String `json:"listen_addr" typescript:",notnull"`
+ CertFile   serpent.String `json:"cert_file" typescript:",notnull"`
+ KeyFile    serpent.String `json:"key_file" typescript:",notnull"`
+}
+
 type AIConfig struct {
  BridgeConfig AIBridgeConfig `json:"bridge,omitempty"`
+ ProxyConfig AIProxyConfig `json:"proxy,omitempty"`
 }
 
 type SupportConfig struct {