Module: Legion::Extensions::Llm::Bedrock

Extended by:

Core, AutoRegistration, Logging::Helper

Defined in:

lib/legion/extensions/llm/bedrock.rb,
lib/legion/extensions/llm/bedrock/version.rb,
lib/legion/extensions/llm/bedrock/provider.rb

Overview

Amazon Bedrock provider extension namespace.

Defined Under Namespace

Classes: Provider

Constant Summary

PROVIDER_FAMILY =

:bedrock

DEFAULT_REGION =

'us-east-2'

VERSION =

'0.3.0'

Class Method Summary

• .broker_aws_credentials ⇒ Object

  Fetch AWS credentials from the Legion Identity Broker.

• .claude_env_pattern_match ⇒ Object

  Scan Claude config env hash for any key containing all of AWS, BEARER, TOKEN, and BEDROCK fragments (case-insensitive).

• .default_settings ⇒ Object
• .discover_broker(candidates) ⇒ Object
• .discover_claude_bearer(candidates) ⇒ Object
• .discover_env_bearer(candidates) ⇒ Object
• .discover_env_sigv4(candidates) ⇒ Object
• .discover_instances ⇒ Object
• .discover_settings(candidates) ⇒ Object
• .provider_class ⇒ Object
• .registry_publisher ⇒ Object

Class Method Details

.broker_aws_credentials ⇒ Object

Fetch AWS credentials from the Legion Identity Broker.

# File 'lib/legion/extensions/llm/bedrock.rb', line 117

def self.broker_aws_credentials
  return nil unless defined?(Legion::Identity::Broker)

  creds = Legion::Identity::Broker.credentials_for(:aws)
  return nil unless creds.is_a?(Hash)

  akid = creds[:access_key_id] || creds['access_key_id']
  return nil unless akid

  { api_key: akid, bedrock_access_key_id: akid,
    bedrock_secret_access_key: creds[:secret_access_key] || creds['secret_access_key'],
    bedrock_session_token: creds[:session_token] || creds['session_token'],
    bedrock_region: creds[:region] || creds['region'] || DEFAULT_REGION }.compact
end

.claude_env_pattern_match ⇒ Object

Scan Claude config env hash for any key containing all of AWS, BEARER, TOKEN, and BEDROCK fragments (case-insensitive).

# File 'lib/legion/extensions/llm/bedrock.rb', line 104

def self.claude_env_pattern_match
  env_hash = CredentialSources.claude_config_value(:env)
  return nil unless env_hash.is_a?(Hash)

  fragments = %w[AWS BEARER TOKEN BEDROCK]
  _key, value = env_hash.find do |k, _v|
    upper = k.to_s.upcase
    fragments.all? { |frag| upper.include?(frag) }
  end
  value
end

.default_settings ⇒ Object

# File 'lib/legion/extensions/llm/bedrock.rb', line 20

def self.default_settings
  {
    enabled: false,
    default_model: 'us.anthropic.claude-sonnet-4-6',
    region: DEFAULT_REGION,
    bearer_token: nil,
    api_key: nil,
    secret_key: nil,
    session_token: nil,
    model_whitelist: [],
    model_blacklist: [],
    model_cache_ttl: 3600,
    tls: { enabled: false, verify: :peer },
    instances: {}
  }
end

.discover_broker(candidates) ⇒ Object

# File 'lib/legion/extensions/llm/bedrock.rb', line 95

def self.discover_broker(candidates)
  return unless defined?(Legion::Identity::Broker)

  broker_creds = broker_aws_credentials
  candidates[:broker] = broker_creds.merge(tier: :cloud) if broker_creds
end

.discover_claude_bearer(candidates) ⇒ Object

# File 'lib/legion/extensions/llm/bedrock.rb', line 66

def self.discover_claude_bearer(candidates)
  claude_bearer = CredentialSources.claude_env_value('AWS_BEARER_TOKEN_BEDROCK')
  claude_bearer ||= claude_env_pattern_match
  return unless claude_bearer

  candidates[:claude] = {
    bearer_token: claude_bearer,
    bedrock_region: CredentialSources.claude_env_value('AWS_DEFAULT_REGION') || DEFAULT_REGION,
    tier: :cloud
  }
end

.discover_env_bearer(candidates) ⇒ Object

# File 'lib/legion/extensions/llm/bedrock.rb', line 55

def self.discover_env_bearer(candidates)
  bearer = CredentialSources.env('AWS_BEARER_TOKEN_BEDROCK')
  return unless bearer

  candidates[:env_bearer] = {
    bearer_token: bearer,
    bedrock_region: CredentialSources.env('AWS_DEFAULT_REGION') || DEFAULT_REGION,
    tier: :cloud
  }
end

.discover_env_sigv4(candidates) ⇒ Object

# File 'lib/legion/extensions/llm/bedrock.rb', line 78

def self.discover_env_sigv4(candidates)
  akid = CredentialSources.env('AWS_ACCESS_KEY_ID')
  skey = CredentialSources.env('AWS_SECRET_ACCESS_KEY')
  return unless akid && skey

  candidates[:env_sigv4] = {
    api_key: akid, bedrock_access_key_id: akid, bedrock_secret_access_key: skey,
    bedrock_session_token: CredentialSources.env('AWS_SESSION_TOKEN'),
    bedrock_region: CredentialSources.env('AWS_DEFAULT_REGION') || DEFAULT_REGION, tier: :cloud
  }.compact
end

.discover_instances ⇒ Object

# File 'lib/legion/extensions/llm/bedrock.rb', line 45

def self.discover_instances
  candidates = {}
  discover_env_bearer(candidates)
  discover_claude_bearer(candidates)
  discover_env_sigv4(candidates)
  discover_settings(candidates)
  discover_broker(candidates)
  CredentialSources.dedup_credentials(candidates)
end

.discover_settings(candidates) ⇒ Object

# File 'lib/legion/extensions/llm/bedrock.rb', line 90

def self.discover_settings(candidates)
  settings = CredentialSources.setting(:extensions, :llm, :bedrock)
  candidates[:settings] = settings.merge(tier: :cloud) if settings.is_a?(Hash) && !settings.empty?
end

.provider_class ⇒ Object

# File 'lib/legion/extensions/llm/bedrock.rb', line 37

def self.provider_class
  Provider
end

.registry_publisher ⇒ Object

# File 'lib/legion/extensions/llm/bedrock.rb', line 41

def self.registry_publisher
  @registry_publisher ||= Legion::Extensions::Llm::RegistryPublisher.new(provider_family: PROVIDER_FAMILY)
end