From 56cd37931b6a35f485ed4b4b6c115841928762db Mon Sep 17 00:00:00 2001 From: M Atif Ali Date: Tue, 11 Nov 2025 19:09:22 +0500 Subject: [PATCH 1/4] Update AI Bridge documentation --- docs/ai-coder/ai-bridge/client-config.md | 34 ++++++++++++------------ docs/ai-coder/ai-bridge/index.md | 4 +-- docs/ai-coder/ai-bridge/mcp.md | 2 +- docs/ai-coder/ai-bridge/reference.md | 8 +++--- docs/manifest.json | 7 ++--- 5 files changed, 28 insertions(+), 27 deletions(-) diff --git a/docs/ai-coder/ai-bridge/client-config.md b/docs/ai-coder/ai-bridge/client-config.md index 1fc348c935135..dd29fb24c5143 100644 --- a/docs/ai-coder/ai-bridge/client-config.md +++ b/docs/ai-coder/ai-bridge/client-config.md @@ -79,23 +79,23 @@ Users can generate a long-lived API key from the Coder UI or CLI. Follow the ins The table below shows tested AI clients and their compatibility with AI Bridge. Click each client name for vendor-specific configuration instructions. Report issues or share compatibility updates in the [aibridge](https://github.com/coder/aibridge) issue tracker. -| Client | OpenAI support | Anthropic support | Notes | -|-------------------------------------------------------------------------------------------------------------------------------------------|----------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [Claude Code](https://docs.claude.com/en/docs/claude-code/settings#environment-variables) | N/A | ✅ | Works out of the box and can be preconfigured in templates. | -| Claude Code (VS Code) | N/A | ✅ | May require signing in once; afterwards respects workspace environment variables. | -| [Cursor](https://cursor.com/docs/settings/api-keys) | ⚠️ | ❌ | Only non-reasoning models like `gpt-4.1` are available when using a custom endpoint. Requests still transit Cursor's cloud. There is no central admin setting to configure this. | -| [Roo Code](https://docs.roocode.com/features/api-configuration-profiles#creating-and-managing-profiles) | ✅ | ✅ | Use the **OpenAI Compatible** provider with the legacy format to avoid `/v1/responses`. | -| [Codex CLI](https://github.com/openai/codex/blob/main/docs/config.md#model_providers) | ✅ | N/A | `gpt-5-codex` support is [in progress](https://github.com/coder/aibridge/issues/16). | -| [GitHub Copilot (VS Code)](https://docs.github.com/en/copilot/configuring-github-copilot/configuring-network-settings-for-github-copilot) | ✅ | ❌ | Requires the pre-release extension. Anthropic endpoints are not supported. | -| Goose | ❓ | ❓ | | -| Goose Desktop | ❓ | ✅ | | -| WindSurf | ❌ | — | No option to override the base URL. | -| Sourcegraph Amp | ❌ | — | No option to override the base URL. | -| Kiro | ❌ | — | No option to override the base URL. | -| [Copilot CLI](https://github.com/github/copilot-cli/issues/104) | ❌ | ❌ | No support for custom base URLs and uses a `GITHUB_TOKEN` for authentication. | -| [Kilo Code](https://kilocode.ai/docs/features/api-configuration-profiles#creating-and-managing-profiles) | ✅ | ✅ | Similar to Roo Code. | -| Gemini CLI | ❌ | ❌ | Not supported yet (`GOOGLE_GEMINI_BASE_URL`). | -| [Amazon Q CLI](https://aws.amazon.com/q/) | ❌ | ❌ | Limited to Amazon Q subscriptions; no custom endpoint support. | +| Client | OpenAI support | Anthropic support | Notes | +|-------------------------------------------------------------------------------------------------------------------------------------|----------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Claude Code](https://docs.claude.com/en/docs/claude-code/settings#environment-variables) | N/A | ✅ | Works out of the box and can be preconfigured in templates. | +| Claude Code (VS Code) | N/A | ✅ | May require signing in once; afterwards respects workspace environment variables. | +| [Cursor](https://cursor.com/docs/settings/api-keys) | ⚠️ | ❌ | Only non-reasoning models like `gpt-4.1` are available when using a custom endpoint. Requests still transit Cursor's cloud. There is no central admin setting to configure this. | +| [Roo Code](https://docs.roocode.com/features/api-configuration-profiles#creating-and-managing-profiles) | ✅ | ✅ | Use the **OpenAI Compatible** provider with the legacy format to avoid `/v1/responses`. | +| [Codex CLI](https://github.com/openai/codex/blob/main/docs/config.md#model_providers) | ✅ | N/A | `gpt-5-codex` support is [in progress](https://github.com/coder/aibridge/issues/16). | +| [GitHub Copilot (VS Code)](https://code.visualstudio.com/docs/copilot/customization/language-models#_use-an-openaicompatible-model) | ✅ | ❌ | Requires the pre-release extension. Anthropic endpoints are not supported. | +| [Goose](https://block.github.io/goose/docs/getting-started/providers/#available-providers) | ❓ | ❓ | | +| [Goose Desktop](https://block.github.io/goose/docs/getting-started/providers/#available-providers) | ❓ | ✅ | | +| WindSurf | ❌ | — | No option to override the base URL. | +| Sourcegraph Amp | ❌ | — | No option to override the base URL. | +| Kiro | ❌ | — | No option to override the base URL. | +| [Copilot CLI](https://github.com/github/copilot-cli/issues/104) | ❌ | ❌ | No support for custom base URLs and uses a `GITHUB_TOKEN` for authentication. | +| [Kilo Code](https://kilocode.ai/docs/features/api-configuration-profiles#creating-and-managing-profiles) | ✅ | ✅ | Similar to Roo Code. | +| Gemini CLI | ❌ | ❌ | Not supported yet. | +| [Amazon Q CLI](https://aws.amazon.com/q/) | ❌ | ❌ | Limited to Amazon Q subscriptions; no custom endpoint support. | Legend: ✅ works, ⚠️ limited support, ❌ not supported, ❓ not yet verified, — not applicable. diff --git a/docs/ai-coder/ai-bridge/index.md b/docs/ai-coder/ai-bridge/index.md index 8368c2725419b..7fd35924fd027 100644 --- a/docs/ai-coder/ai-bridge/index.md +++ b/docs/ai-coder/ai-bridge/index.md @@ -11,9 +11,9 @@ AI Bridge solves 3 key problems: 1. **Centralized authn/z management**: no more issuing & managing API tokens for OpenAI/Anthropic usage. Users use their Coder session or API tokens to authenticate with `coderd` (Coder control plane), and `coderd` securely communicates with the upstream APIs on their behalf. -2. **Auditing and attribution**: all interactions with AI services, whether autonomous or human-initiated, +1. **Auditing and attribution**: all interactions with AI services, whether autonomous or human-initiated, will be audited and attributed back to a user. -3. **Centralized MCP administration**: define a set of approved MCP servers and tools which your users may +1. **Centralized MCP administration**: define a set of approved MCP servers and tools which your users may use. ## When to use AI Bridge diff --git a/docs/ai-coder/ai-bridge/mcp.md b/docs/ai-coder/ai-bridge/mcp.md index 498e8f3a36a0c..576c4d83b7f31 100644 --- a/docs/ai-coder/ai-bridge/mcp.md +++ b/docs/ai-coder/ai-bridge/mcp.md @@ -63,4 +63,4 @@ If you have the `oauth2` and `mcp-server-http` experiments enabled, Coder's own - **Coder MCP tools not being injected**: in order for Coder MCP tools to be injected, the internal MCP server needs to be active. Follow the instructions in the [MCP Server](../mcp-server.md) page to enable it. -- **External Auth tools not being injected**: this is generally due to the requesting user not being authenticated against the External Auth app; when this is the case, no attempt is made to connect to the MCP server. +- **External Auth tools not being injected**: this is generally due to the requesting user not being authenticated against the [External Auth](../../admin/external-auth/index.md) app; when this is the case, no attempt is made to connect to the MCP server. diff --git a/docs/ai-coder/ai-bridge/reference.md b/docs/ai-coder/ai-bridge/reference.md index 731a4ee6ee287..597f62fe616e0 100644 --- a/docs/ai-coder/ai-bridge/reference.md +++ b/docs/ai-coder/ai-bridge/reference.md @@ -17,22 +17,22 @@ Where relevant, both streaming and non-streaming requests are supported. ### OpenAI -**Intercepted**: +#### Intercepted - [`/v1/chat/completions`](https://platform.openai.com/docs/api-reference/chat/create) -**Passthrough**: +#### Passthrough - [`/v1/models(/*)`](https://platform.openai.com/docs/api-reference/models/list) - [`/v1/responses`](https://platform.openai.com/docs/api-reference/responses/create) _(Interception support coming in **Beta**)_ ### Anthropic -**Intercepted**: +#### Intercepted - [`/v1/messages`](https://docs.claude.com/en/api/messages) -**Passthrough**: +#### Passthrough - [`/v1/models(/*)`](https://docs.claude.com/en/api/models-list) diff --git a/docs/manifest.json b/docs/manifest.json index 8158e0a936f13..9645594e562b3 100644 --- a/docs/manifest.json +++ b/docs/manifest.json @@ -948,9 +948,10 @@ "path": "./ai-coder/ai-bridge/client-config.md" }, { - "title": "MCP", - "description": "How to use AI Bridge with MCP", - "path": "./ai-coder/ai-bridge/mcp.md" + "title": "MCP Tools Injection", + "description": "How to configure MCP servers for tools injection through AI Bridge", + "path": "./ai-coder/ai-bridge/mcp.md", + "state": ["early access"] }, { "title": "Monitoring", From 16300463ec098f0174b797700a215973a06acfe2 Mon Sep 17 00:00:00 2001 From: M Atif Ali Date: Tue, 11 Nov 2025 19:13:56 +0500 Subject: [PATCH 2/4] Update AI Bridge client config for tasks --- docs/ai-coder/ai-bridge/client-config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ai-coder/ai-bridge/client-config.md b/docs/ai-coder/ai-bridge/client-config.md index dd29fb24c5143..34f1cd72b24ba 100644 --- a/docs/ai-coder/ai-bridge/client-config.md +++ b/docs/ai-coder/ai-bridge/client-config.md @@ -24,7 +24,7 @@ Again, the exact environment variable or setting naming may differ from tool to ## Configuring In-Workspace Tools -Template admins can pre-configure workspaces to route all AI tool requests through AI Bridge, providing a seamless and secure experience for users. This can be done for both Coder Tasks and other AI tools running in the workspace. +Template admins can pre-configure workspaces to route all AI tool requests through AI Bridge, providing a seamless and secure experience for users. This can be done with either [Coder Tasks](../tasks.md) or AI agents running in the workspace. ### Using Coder Tasks From a1066526da20eba309be69143dffe4e4d2473577 Mon Sep 17 00:00:00 2001 From: M Atif Ali Date: Tue, 11 Nov 2025 19:29:59 +0500 Subject: [PATCH 3/4] Improve AI Bridge config documentation --- docs/ai-coder/ai-bridge/client-config.md | 31 +++++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/docs/ai-coder/ai-bridge/client-config.md b/docs/ai-coder/ai-bridge/client-config.md index 34f1cd72b24ba..c667517fc7a7a 100644 --- a/docs/ai-coder/ai-bridge/client-config.md +++ b/docs/ai-coder/ai-bridge/client-config.md @@ -24,7 +24,28 @@ Again, the exact environment variable or setting naming may differ from tool to ## Configuring In-Workspace Tools -Template admins can pre-configure workspaces to route all AI tool requests through AI Bridge, providing a seamless and secure experience for users. This can be done with either [Coder Tasks](../tasks.md) or AI agents running in the workspace. +AI coding tools running inside a Coder workspace, such as IDE extensions, can be configured to use AI Bridge. + +While users can manually configure these tools with a long-lived API key, template admins can provide a more seamless experience by pre-configuring them. Similar to the Coder Tasks example, admins can use Terraform data sources like `data.coder_workspace_owner.me.session_token` to automatically inject the user's session token and the AI Bridge base URL into the workspace environment. + +This is the fastest way to bring existing agents like Roo Code, Cursor, or Claude Code into compliance without adopting Coder Tasks. + +```hcl +data "coder_workspace_owner" "me" {} + +data "coder_workspace" "me" {} + +resource "coder_agent" "dev" { + arch = "amd64" + os = "linux" + dir = local.repo_dir + env = { + ANTHROPIC_BASE_URL : "${data.coder_workspace.me.url}/api/v2/aibridge/anthropic", + ANTHROPIC_AUTH_TOKEN : data.coder_workspace_owner.me.session_token + } + ... # other agent configuration +} +``` ### Using Coder Tasks @@ -59,14 +80,6 @@ module "claude-code" { } ``` -### Other IDEs and Tools - -AI coding tools running inside a Coder workspace, such as IDE extensions, can be configured to use AI Bridge. - -While users can manually configure these tools with a long-lived API key, template admins can provide a more seamless experience by pre-configuring them. Similar to the Coder Tasks example, admins can use Terraform data sources like `data.coder_workspace_owner.me.session_token` to automatically inject the user's session token and the AI Bridge base URL into the workspace environment. - -This is the fastest way to bring existing agents like Roo Code, Cursor, or Claude Code into compliance without adopting Coder Tasks. - ## External and Desktop Clients You can also configure AI tools running outside of a Coder workspace, such as local IDE extensions or desktop applications, to connect to AI Bridge. From fb4dc4086e950714513d3d109e9453f1fdfaf57a Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Tue, 11 Nov 2025 20:09:03 +0500 Subject: [PATCH 4/4] Update docs/ai-coder/ai-bridge/client-config.md Co-authored-by: Danny Kopping --- docs/ai-coder/ai-bridge/client-config.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/ai-coder/ai-bridge/client-config.md b/docs/ai-coder/ai-bridge/client-config.md index c667517fc7a7a..86e88639cc731 100644 --- a/docs/ai-coder/ai-bridge/client-config.md +++ b/docs/ai-coder/ai-bridge/client-config.md @@ -26,7 +26,9 @@ Again, the exact environment variable or setting naming may differ from tool to AI coding tools running inside a Coder workspace, such as IDE extensions, can be configured to use AI Bridge. -While users can manually configure these tools with a long-lived API key, template admins can provide a more seamless experience by pre-configuring them. Similar to the Coder Tasks example, admins can use Terraform data sources like `data.coder_workspace_owner.me.session_token` to automatically inject the user's session token and the AI Bridge base URL into the workspace environment. +While users can manually configure these tools with a long-lived API key, template admins can provide a more seamless experience by pre-configuring them. Admins can automatically inject the user's session token with `data.coder_workspace_owner.me.session_token` and the AI Bridge base URL into the workspace environment. + +In this example, Claude code respects these environment variables and will route all requests via AI Bridge. This is the fastest way to bring existing agents like Roo Code, Cursor, or Claude Code into compliance without adopting Coder Tasks.