shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
85f56e4944bd84fbb1047441444eb217de978899
coder/coderd/database/migrations/000495_ai_providers.up.sql
T

68 lines
3.6 KiB
SQL
Raw Blame History

CREATE TYPE ai_provider_type AS ENUM (
'openai',
'anthropic'
);
CREATE TABLE ai_providers (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
type ai_provider_type NOT NULL,
name text NOT NULL
CONSTRAINT ai_providers_name_check
CHECK (name ~ '^[a-z0-9]+(-[a-z0-9]+)*$'),
display_name text,
enabled boolean NOT NULL DEFAULT TRUE,
deleted boolean NOT NULL DEFAULT FALSE,
base_url text NOT NULL,
settings text,
settings_key_id text REFERENCES dbcrypt_keys(active_key_digest),
created_at timestamp with time zone NOT NULL DEFAULT NOW(),
updated_at timestamp with time zone NOT NULL DEFAULT NOW()
);
-- Provider names are unique among live rows only. Soft-deleted rows
-- are retained for audit and FK history but do not reserve names.
CREATE UNIQUE INDEX ai_providers_name_unique
ON ai_providers (name)
WHERE deleted = FALSE;
COMMENT ON TABLE ai_providers IS 'Runtime configuration for AI providers. Authoritative source for the provider set served by aibridged. Replaces deployment-time CODER_AIBRIDGE_* environment variables.';
COMMENT ON COLUMN ai_providers.settings IS 'Encrypted JSON blob holding type-specific configuration (e.g. AWS Bedrock region, model, access key secret). Plaintext is a JSON object. NULL when no type-specific settings are required.';
COMMENT ON COLUMN ai_providers.settings_key_id IS 'The ID of the key used to encrypt settings. If this is NULL, settings is not encrypted.';
COMMENT ON COLUMN ai_providers.deleted IS 'Soft delete flag. Soft-deleted rows are preserved for audit and FK history but do not block name reuse by future live rows.';
COMMENT ON COLUMN ai_providers.display_name IS 'Optional human-readable label. When NULL, callers should fall back to name.';
CREATE INDEX idx_ai_providers_enabled ON ai_providers (enabled) WHERE deleted = FALSE;
CREATE TABLE ai_provider_keys (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
provider_id uuid NOT NULL REFERENCES ai_providers(id) ON DELETE CASCADE,
api_key text NOT NULL,
api_key_key_id text REFERENCES dbcrypt_keys(active_key_digest),
created_at timestamp with time zone NOT NULL DEFAULT NOW(),
updated_at timestamp with time zone NOT NULL DEFAULT NOW()
);
COMMENT ON TABLE ai_provider_keys IS 'API keys associated with AI providers. Bedrock providers have zero keys (they authenticate via settings). OpenAI and Anthropic providers have one or more keys for failover.';
COMMENT ON COLUMN ai_provider_keys.api_key IS 'API key used to authenticate with the upstream AI provider. Encrypted at rest via dbcrypt when api_key_key_id is set.';
COMMENT ON COLUMN ai_provider_keys.api_key_key_id IS 'The ID of the key used to encrypt the provider API key. If this is NULL, the API key is not encrypted.';
CREATE INDEX idx_ai_provider_keys_provider_id ON ai_provider_keys (provider_id);
-- Audit support: allow ai_providers and ai_provider_keys to appear in
-- audit_log.resource_type.
ALTER TYPE resource_type ADD VALUE IF NOT EXISTS 'ai_provider';
ALTER TYPE resource_type ADD VALUE IF NOT EXISTS 'ai_provider_key';
-- API key scopes for ai_provider resources.
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'ai_provider:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'ai_provider:create';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'ai_provider:delete';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'ai_provider:read';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'ai_provider:update';
Reference in New Issue View Git Blame Copy Permalink