mirror of
https://github.com/coder/coder.git
synced 2026-06-03 04:58:23 +00:00
Yevhenii Shcherbina
7f496c2f18
## Summary Adds `credential_kind` and `credential_hint` columns to `aibridge_interceptions` to record how each LLM request was authenticated and provide a masked credential identifier for audit purposes. This enables admins to distinguish between centralized API keys, personal API keys, and subscription-based credentials in the interceptions audit log. ## Changes - New migration adding `credential_kind`and `credential_hint` to `aibridge_interceptions` - Updated `InsertAIBridgeInterception` query and proto definition to carry the new fields - Wired proto fields through `translator.go` and `aibridgedserver.go` to the database Depends on https://github.com/coder/aibridge/pull/239
13 lines
797 B
SQL
13 lines
797 B
SQL
CREATE TYPE credential_kind AS ENUM ('centralized', 'byok');
|
|
|
|
-- Records how each LLM request was authenticated and a masked credential
|
|
-- identifier for audit purposes. Existing rows default to 'centralized'
|
|
-- with an empty hint since we cannot retroactively determine their values.
|
|
ALTER TABLE aibridge_interceptions
|
|
ADD COLUMN credential_kind credential_kind NOT NULL DEFAULT 'centralized',
|
|
-- Length capped as a safety measure to ensure only masked values are stored.
|
|
ADD COLUMN credential_hint CHARACTER VARYING(15) NOT NULL DEFAULT '';
|
|
|
|
COMMENT ON COLUMN aibridge_interceptions.credential_kind IS 'How the request was authenticated: centralized or byok.';
|
|
COMMENT ON COLUMN aibridge_interceptions.credential_hint IS 'Masked credential identifier for audit (e.g. sk-a***efgh).';
|