@redf0x1 redf0x1 commented Jan 30, 2026

Summary

This PR adds support for custom OpenAI-compatible API gateways and fixes Cloudflare Access authentication issues.

Changes

AI Gateway Configuration

  • Add AI_GATEWAY_PROVIDER env var for explicit OpenAI/Anthropic provider selection
  • Add AI_GATEWAY_MODEL env var to specify custom model names
  • Add AI_GATEWAY_API_FORMAT env var to choose API type (openai-completions or openai-responses)
  • Fix OpenAI provider config to include apiKey (required for custom baseUrl)

Cloudflare Access Fixes

  • Add normalizeTeamDomain() helper to append .cloudflareaccess.com automatically
  • Fix login URLs that were truncated

Security

  • Redact API keys in debug endpoints and logs

Testing

  • All 71 tests passing
  • Tested with custom OpenAI-compatible API gateway

Breaking Changes

None - backward compatible

Security:
- Redact API keys in container logs
- Redact sensitive data in /debug/container-config endpoint

Features:
- Add AI_GATEWAY_PROVIDER env var for explicit provider type override
- Add AI_GATEWAY_MODEL env var for custom model name
- Runtime validation with graceful fallback on invalid inputs

Use Cases:
This enables OpenAI-compatible endpoints that don't use /openai suffix:
- Local LLM servers (Ollama, LM Studio, vLLM)
- API gateways (LiteLLM, OpenRouter, Portkey)
- Internal proxy endpoints
- Cost optimization proxies

Tests:
- Add 8 test cases for provider/model validation (71 total)

Docs:
- Update README with new environment variables

## Changes
- Add AI_GATEWAY_PROVIDER for explicit OpenAI/Anthropic selection
- Add AI_GATEWAY_MODEL for custom model names
- Add AI_GATEWAY_API_FORMAT for openai-completions/openai-responses API type
- Fix Cloudflare Access domain normalization (add .cloudflareaccess.com suffix)
- Add normalizeTeamDomain() helper shared between jwt.ts and middleware.ts
- Fix OpenAI provider config to include apiKey (required for custom baseUrl)
- Add comprehensive tests for new env.ts logic

## Security
- Redact API keys in debug endpoints and container logs
- No sensitive data exposed in /debug/env or container config

## Breaking Changes
- None (backward compatible with existing configs)

Tested with custom OpenAI-compatible API gateway

Copilot AI review requested due to automatic review settings January 30, 2026 15:20
Copilot AI left a comment

Pull request overview

This PR adds support for custom OpenAI-compatible API gateways with explicit provider selection and fixes Cloudflare Access authentication by automatically appending .cloudflareaccess.com to team domains.

Changes:

  • Added three new environment variables for AI Gateway configuration: AI_GATEWAY_PROVIDER, AI_GATEWAY_MODEL, and AI_GATEWAY_API_FORMAT
  • Implemented normalizeTeamDomain() helper to automatically append .cloudflareaccess.com to team domain names
  • Added security improvements by redacting API keys in debug endpoints and logs

Reviewed changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| start-moltbot.sh | Added provider detection logic, custom model support, API format configuration, and API key redaction in logs |
| src/types.ts | Added type definitions for new AI Gateway configuration environment variables |
| src/routes/debug.ts | Added comprehensive API key redaction for debug endpoints |
| src/gateway/env.ts | Added validation and pass-through logic for new environment variables |
| src/gateway/env.test.ts | Added comprehensive test coverage for new provider override and model configuration features |
| src/auth/middleware.ts | Updated to use normalizeTeamDomain for login redirect URLs |
| src/auth/jwt.ts | Added normalizeTeamDomain helper function for Cloudflare Access team domain handling |
| src/auth/middleware.test.ts | Updated test expectations to reflect normalized team domains |
| README.md | Updated documentation with new environment variables and examples |
| package-lock.json | Updated with optional dependencies and peer dependency markers |

- Redact sensitive channel tokens in config debug output
- Add validation for AI_GATEWAY_API_FORMAT values
- Add tests for normalizeTeamDomain() function
- Add test for AI_GATEWAY_API_FORMAT passthrough
- Fix normalizeTeamDomain() to strip https:// prefix
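
One way to implement the normalization this PR describes for normalizeTeamDomain() (append .cloudflareaccess.com, strip an https:// prefix), as an added example that is not the PR's own code. The single-label check, `accessUrls()`, `classify()` and the sample inputs are assumptions made for illustration.

```typescript
// Added example (hypothetical re-implementation, not the PR's code).
const ACCESS_SUFFIX = ".cloudflareaccess.com";
// A single DNS label: letters, digits and inner hyphens, at most 63 characters.
const TEAM_LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

function normalizeTeamDomain(input: string): string {
  let value = input.trim().toLowerCase();
  value = value.replace(/^https?:\/\//, ""); // tolerate a pasted scheme
  value = value.replace(/\/+$/, "");         // tolerate trailing slashes
  // Accept the bare team name or the full host; keep only the team label.
  const hasSuffix = value.slice(-ACCESS_SUFFIX.length) === ACCESS_SUFFIX;
  const team = hasSuffix ? value.slice(0, -ACCESS_SUFFIX.length) : value;
  // Anything with dots, slashes, ports or query strings is refused, so the
  // issuer and key URLs below can only ever point at the Access host.
  if (!TEAM_LABEL.test(team)) {
    throw new Error("invalid Cloudflare Access team domain: " + JSON.stringify(input));
  }
  return team + ACCESS_SUFFIX;
}

// URLs that JWT validation and the login redirect derive from the team domain.
function accessUrls(teamDomain: string): { issuer: string; certs: string } {
  const host = normalizeTeamDomain(teamDomain);
  return {
    issuer: "https://" + host,
    certs: "https://" + host + "/cdn-cgi/access/certs",
  };
}

// Constructed sample inputs: two acceptable spellings and two misconfigurations.
const SAMPLES = [
  "myteam",
  "https://myteam.cloudflareaccess.com/",
  "myteam.cloudflareaccess.com.example.org",
  "myteam/login",
];

// Normalize each sample, reporting refused values instead of throwing.
function classify(samples: string[]): string[] {
  return samples.map((s) => {
    try { return normalizeTeamDomain(s); } catch (_e) { return "REJECTED"; }
  });
}

console.log(classify(SAMPLES));
```

Failing closed on a malformed value keeps a configuration typo from silently changing which host the JWT signing keys are fetched from.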