fix(moa): route bedrock MoA slots through signed bedrock branch
_slot_runtime() resolved a bedrock slot to its bedrock-runtime base_url plus the placeholder api_key "aws-sdk" and forwarded both to call_llm. call_llm then treated it as a plain OpenAI-compatible endpoint and issued an UNSIGNED bearer POST (no AWS SigV4 / IAM signing), so Bedrock returned an empty/malformed ChatCompletion (choices=None) and the MoA aggregator turn failed validation. Add 'bedrock' to the name-preserve set alongside nous/openai-codex/ xai-oauth so bedrock slots are passed by provider name only, routing through call_llm's dedicated SigV4-signed bedrock branch. Affects any MoA preset using a bedrock aggregator or bedrock reference.
This commit is contained in:
parent
4d43669921
commit
6eca917631
1 changed files with 16 additions and 1 deletions
|
|
@ -99,7 +99,22 @@ def _slot_runtime(slot: dict[str, str]) -> dict[str, Any]:
|
|||
# provider-backed targets whose provider branch adds auth refresh,
|
||||
# request metadata, or request-shape adapters. Keep those providers
|
||||
# identified by name.
|
||||
if resolved_provider in {"nous", "anthropic", "openai-codex", "xai-oauth"}:
|
||||
# ``bedrock`` belongs here too: its provider branch builds an
|
||||
# AWS-SigV4-signed client (or IAM-role-signed) against the
|
||||
# bedrock-runtime endpoint. resolve_runtime_provider returns that
|
||||
# endpoint's base_url plus a PLACEHOLDER api_key ("aws-sdk") — there is
|
||||
# no real bearer token. Forwarding base_url+api_key makes call_llm treat
|
||||
# it as a plain OpenAI-compatible endpoint and POST with an unsigned
|
||||
# fake bearer, which Bedrock answers with an empty/malformed
|
||||
# ChatCompletion (choices=None). Keeping it identified by name routes it
|
||||
# through the real signed bedrock branch.
|
||||
#
|
||||
# ``anthropic`` likewise: subscription OAuth setup-tokens (sk-ant-oat*)
|
||||
# require Bearer auth plus the ``anthropic-beta: oauth-*`` header, which
|
||||
# only the anthropic provider branch adds. Forwarding base_url+api_key
|
||||
# sends the OAuth token as ``x-api-key``, which Anthropic rejects with a
|
||||
# bare 429.
|
||||
if resolved_provider in {"nous", "anthropic", "openai-codex", "xai-oauth", "bedrock"}:
|
||||
return out
|
||||
# Pass the resolved endpoint through so call_llm builds the request for
|
||||
# the provider's actual API surface instead of auto-detecting. base_url
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue