refactor: clarify MITM certificate naming in aibridgeproxyd (#22408)

## Description

Renames internal fields, variables, and comments related to the proxy's certificate/key configuration to explicitly reference their MITM CA purpose.

The AI Bridge Proxy uses a CA certificate to sign dynamically generated leaf certificates during MITM interception of HTTPS traffic from AI clients. With the upcoming introduction of TLS listener certificates (for serving the proxy itself over HTTPS, implemented upstack https://github.com/coder/coder/pull/22411), the previous generic naming would become ambiguous. This refactor makes it clear which certificate is which.

No user-facing flags, environment variables, YAML keys, or JSON fields were changed; this is purely an internal rename to avoid confusion going forward.

Related to https://github.com/coder/internal/issues/1335
Susana Ferreira
2026-03-05 09:06:38 +00:00
committed by GitHub
parent 94a2e440a8
commit c79e8f2707
8 changed files with 182 additions and 168 deletions
+9 -6
@@ -175,19 +175,22 @@ AI BRIDGE OPTIONS:
exporting these records to external SIEM or observability systems.
AI BRIDGE PROXY OPTIONS:
--aibridge-proxy-cert-file string, $CODER_AIBRIDGE_PROXY_CERT_FILE
Path to the CA certificate file for AI Bridge Proxy.
--aibridge-proxy-enabled bool, $CODER_AIBRIDGE_PROXY_ENABLED (default: false)
Enable the AI Bridge MITM Proxy for intercepting and decrypting AI
provider requests.
--aibridge-proxy-key-file string, $CODER_AIBRIDGE_PROXY_KEY_FILE
Path to the CA private key file for AI Bridge Proxy.
--aibridge-proxy-listen-addr string, $CODER_AIBRIDGE_PROXY_LISTEN_ADDR (default: :8888)
The address the AI Bridge Proxy will listen on.
--aibridge-proxy-cert-file string, $CODER_AIBRIDGE_PROXY_CERT_FILE
Path to the CA certificate file used to intercept (MITM) HTTPS traffic
from AI clients. This CA must be trusted by AI clients for the proxy
to decrypt their requests.
--aibridge-proxy-key-file string, $CODER_AIBRIDGE_PROXY_KEY_FILE
Path to the CA private key file used to intercept (MITM) HTTPS traffic
from AI clients.
--aibridge-proxy-upstream string, $CODER_AIBRIDGE_PROXY_UPSTREAM
URL of an upstream HTTP proxy to chain tunneled (non-allowlisted)
requests through. Format: http://[user:pass@]host:port or
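Review bot: The new description for --aibridge-proxy-key-file says what the key is used for but not that it must be the private key of the CA given in --aibridge-proxy-cert-file, nor that it needs restricted access. Since the cert-file text now states that AI clients must trust this CA, whoever can read this key can issue certificates those clients will accept, so a sentence such as "Must match --aibridge-proxy-cert-file; restrict read access to the Coder server user" would help operators. Separately, the two entries now sit after --aibridge-proxy-listen-addr instead of in their earlier positions, and the description says no user-facing output changed; it is worth confirming the reordering in the help text is intended.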
+5 -2
@@ -830,10 +830,13 @@ aibridgeproxy:
# The address the AI Bridge Proxy will listen on.
# (default: :8888, type: string)
listen_addr: :8888
# Path to the CA certificate file for AI Bridge Proxy.
# Path to the CA certificate file used to intercept (MITM) HTTPS traffic from AI
# clients. This CA must be trusted by AI clients for the proxy to decrypt their
# requests.
# (default: <unset>, type: string)
cert_file: ""
# Path to the CA private key file for AI Bridge Proxy.
# Path to the CA private key file used to intercept (MITM) HTTPS traffic from AI
# clients.
# (default: <unset>, type: string)
key_file: ""
# Comma-separated list of AI provider domains for which HTTPS traffic will be
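Review bot: The keys under aibridgeproxy: are still the generic cert_file and key_file, so once the TLS listener certificate described in the commit message lands in the same section, these comments will be the only thing telling the two pairs apart. Consider having the comments say outright that this is the MITM signing CA and not the certificate the proxy presents on its own listener, and have the key_file comment name cert_file as the certificate it belongs to, for example "Private key for the CA in cert_file".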