feat: add request/response dump support to aibridgeproxyd (#24837)

Closes https://github.com/coder/coder/issues/24335

docs/reference/api/general.md

@@ -166,6 +166,7 @@ curl -X GET http://coder-server:8080/api/v2/deployment/config \
         "allowed_private_cidrs": [
           "string"
         ],
+        "api_dump_dir": "string",
         "cert_file": "string",
         "domain_allowlist": [
           "string"

docs/reference/api/schemas.md

@@ -786,6 +786,7 @@
   "allowed_private_cidrs": [
     "string"
   ],
+  "api_dump_dir": "string",
   "cert_file": "string",
   "domain_allowlist": [
     "string"
@@ -805,6 +806,7 @@
 | Name                    | Type            | Required | Restrictions | Description |
 |-------------------------|-----------------|----------|--------------|-------------|
 | `allowed_private_cidrs` | array of string | false    |              |             |
+| `api_dump_dir`          | string          | false    |              |             |
 | `cert_file`             | string          | false    |              |             |
 | `domain_allowlist`      | array of string | false    |              |             |
 | `enabled`               | boolean         | false    |              |             |
@@ -1246,6 +1248,7 @@
     "allowed_private_cidrs": [
       "string"
     ],
+    "api_dump_dir": "string",
     "cert_file": "string",
     "domain_allowlist": [
       "string"
@@ -5229,6 +5232,7 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o
         "allowed_private_cidrs": [
           "string"
         ],
+        "api_dump_dir": "string",
         "cert_file": "string",
         "domain_allowlist": [
           "string"
@@ -5820,6 +5824,7 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o
       "allowed_private_cidrs": [
         "string"
       ],
+      "api_dump_dir": "string",
       "cert_file": "string",
       "domain_allowlist": [
         "string"

docs/reference/cli/server.md

@@ -1993,6 +1993,16 @@ Path to a PEM-encoded CA certificate to trust for the upstream proxy's TLS conne
 
 Comma-separated list of CIDR ranges that are permitted even though they fall within blocked private/reserved IP ranges. By default all private ranges are blocked to prevent SSRF attacks. Use this to allow access to specific internal networks.
 
+### --aibridge-proxy-dump-dir
+
+|             |                                             |
+|-------------|---------------------------------------------|
+| Type        | <code>string</code>                         |
+| Environment | <code>$CODER_AIBRIDGE_PROXY_DUMP_DIR</code> |
+| YAML        | <code>aibridgeproxy.api_dump_dir</code>     |
+
+Directory for dumping MITM request/response pairs to disk for debugging. When set, each proxied request produces .req.txt and .resp.txt files organized by provider. Sensitive headers are redacted. Leave empty to disable.
+
 ### --audit-logs-retention
 
 |             |                                          |