lex-llm-bedrock 0.3.6 → 0.3.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ba5cbf8b2adeb7ce05f969bfef32582c03d238febed07790345841d1cf038eba
-  data.tar.gz: 96fd62bc8575afa30a836c084e3d4f8745dfd59566f7210ec6226f4a466444f5
+  metadata.gz: 5ef7a8a909bb86688882fc9ffca3c7fd96955d75cb01e5048efa954909599c49
+  data.tar.gz: 90d58f5f3e6f976b2332341e6f5624064a5b70f7ce5381d4df94b082d7398ab7
 SHA512:
-  metadata.gz: 4cf60483077635545837818151d76674d3a8f69550dce991f3c8def75f1c9fabe882b30efedbeffe57c051040b53e7b473a92d34199c9edf7da2f6441fecddcc
-  data.tar.gz: 9098f7257c42b29f48ea2cb6d212ef737b8473f7d53e3f9bddedbde7e4be7c2887ce1d82e998905fbf86621975537fe49bd3181792d8a23925dbada75fa5fc33
+  metadata.gz: ab5e3feccaee75a608ba7032721bd899e74e9059bfee3704ebc45b1f1733a5341eb2e1f1f99be48bdc2b0eee4555aaf8985e1c84a2c673474dbc4ae018abf6b7
+  data.tar.gz: 61b3a978d40a10d91f725ffd3ebc7b937596fa60740fb9e3d168cbba6f19fc2a50f27af56a637612c4980b1e4408dcae61e2148fff6b819026ed35811fbdcf6c

data/CHANGELOG.md

@@ -1,5 +1,24 @@
 # Changelog
 
+## 0.3.8 - 2026-05-13
+
+- Auto-prefix `us.` on `inference_profile_id` for Anthropic, Meta, Mistral, Cohere, and AI21 models at API call time.
+- Filter empty content blocks from messages to satisfy Bedrock validation.
+- Wire Bearer token into AWS SDK via `Aws::StaticTokenProvider` to eliminate IMDS timeout on startup.
+- Add `source` and `credential_fingerprint` fields to all discovered instances.
+- Inject default capabilities into all discovered instances.
+- Add static `CONTEXT_WINDOWS` map; `infer_limits` reads from `model_detail` cache instead of live API.
+- Override `fetch_model_detail` to return static context window data without a network call.
+- Cache live results in `discover_offerings`.
+- Add `unresolved_credential?` filter — instances with `vault://` or `env://` credential refs are skipped during registration.
+- Inject `default_model` into all discovered instances.
+
+## 0.3.7 - 2026-05-12
+
+- Use `Legion::Logging::Helper` explicitly across Bedrock provider, actor, and fleet runner logging surfaces.
+- Add non-sensitive debug logging for Bedrock tool configuration and fleet request routing.
+- Report optional actor runtime load failures through `handle_exception` instead of direct warning output.
+
 ## 0.3.6 - 2026-05-08
 
 - Accept keyword arguments in `list_models` to match the base provider contract called by `discover_offerings`.

data/lib/legion/extensions/llm/bedrock/actors/fleet_worker.rb

@@ -1,16 +1,22 @@
 # frozen_string_literal: true
 
+require 'legion/extensions/llm/bedrock'
+
 begin
   require 'legion/extensions/actors/subscription'
 rescue LoadError => e
-  warn(e.message) if $VERBOSE
+  Legion::Extensions::Llm::Bedrock.handle_exception(
+    e,
+    level: :debug,
+    handled: true,
+    operation: 'bedrock.actor.fleet_worker.load_subscription'
+  )
 end
 
 unless defined?(Legion::Extensions::Actors::Subscription)
   raise LoadError, 'LegionIO actor runtime is required for Bedrock fleet worker'
 end
 
-require 'legion/extensions/llm/bedrock'
 require 'legion/extensions/llm/fleet/provider_responder'
 
 module Legion
@@ -20,6 +26,8 @@ module Legion
         module Actor
           # Subscription actor for Bedrock fleet request consumption.
           class FleetWorker < Legion::Extensions::Actors::Subscription
+            include Legion::Logging::Helper
+
             def runner_class
               'Legion::Extensions::Llm::Bedrock::Runners::FleetWorker'
             end
@@ -33,7 +41,10 @@ module Legion
             end
 
             def enabled?
-              Legion::Extensions::Llm::Fleet::ProviderResponder.enabled_for?(Bedrock.discover_instances)
+              instances = Bedrock.discover_instances
+              enabled = Legion::Extensions::Llm::Fleet::ProviderResponder.enabled_for?(instances)
+              log.debug { "bedrock.actor.fleet_worker.enabled?: instances=#{instances.size} enabled=#{enabled}" }
+              enabled
             end
           end
         end

data/lib/legion/extensions/llm/bedrock/provider.rb

@@ -3,7 +3,7 @@
 require 'aws-sdk-bedrock'
 require 'aws-sdk-bedrockruntime'
 require 'legion/json'
-require 'legion/logging'
+require 'legion/logging/helper'
 require 'legion/extensions/llm'
 
 module Legion
@@ -26,6 +26,28 @@ module Legion
 
           ALIASES = STATIC_MODELS.to_h { |entry| [entry.fetch(:alias), entry.fetch(:model)] }.freeze
 
+          CONTEXT_WINDOWS = {
+            'anthropic.claude-sonnet-4' => 200_000,
+            'anthropic.claude-haiku-4' => 200_000,
+            'anthropic.claude-opus-4' => 200_000,
+            'anthropic.claude-3-5-sonnet' => 200_000,
+            'anthropic.claude-3-5-haiku' => 200_000,
+            'anthropic.claude-3-haiku' => 200_000,
+            'anthropic.claude-3-opus' => 200_000,
+            'anthropic.claude-3-sonnet' => 200_000,
+            'meta.llama3' => 128_000,
+            'meta.llama3-1' => 128_000,
+            'meta.llama3-2' => 128_000,
+            'meta.llama3-3' => 128_000,
+            'mistral.mistral-large' => 128_000,
+            'mistral.mistral-small' => 128_000,
+            'amazon.titan-text-express' => 8_192,
+            'amazon.titan-text-premier' => 32_000,
+            'amazon.nova-pro' => 300_000,
+            'amazon.nova-lite' => 300_000,
+            'amazon.nova-micro' => 128_000
+          }.freeze
+
           class << self
             def slug = 'bedrock'
 
@@ -38,6 +60,7 @@ module Legion
                 bedrock_session_token
                 bedrock_profile
                 bedrock_stub_responses
+                bearer_token
               ]
             end
 
@@ -51,6 +74,15 @@ module Legion
             def resolve_model_id(model_id, config: nil) # rubocop:disable Lint/UnusedMethodArgument
               ALIASES.fetch(model_id.to_s, model_id.to_s)
             end
+
+            INFERENCE_PROFILE_PREFIXES = %w[anthropic. meta. mistral. cohere. ai21.].freeze
+
+            def inference_profile_id(model)
+              return model if model.start_with?('us.', 'eu.', 'ap.', 'arn:')
+              return model unless INFERENCE_PROFILE_PREFIXES.any? { |p| model.start_with?(p) }
+
+              "us.#{model}"
+            end
           end
 
           # Capability predicates inferred from Bedrock model IDs and API modalities.
@@ -86,15 +118,19 @@ module Legion
 
           def discover_offerings(live: false, **filters)
             unless live
+              return @cached_offerings if @cached_offerings&.any?
+
               log.debug { 'bedrock.provider.discover_offerings: returning static catalog' }
               return static_offerings(**filters)
             end
 
             log.info { "bedrock.provider.discover_offerings: listing foundation models (region=#{region})" }
             response = bedrock_client.list_foundation_models(**filters)
-            Array(value(response, :model_summaries)).map { |summary| offering_from_summary(summary) }.tap do |offerings|
-              log.info { "bedrock.provider.discover_offerings: found #{offerings.size} models" }
+            @cached_offerings = Array(value(response, :model_summaries)).map do |summary|
+              offering_from_summary(summary)
             end
+            log.info { "bedrock.provider.discover_offerings: found #{@cached_offerings.size} models" }
+            @cached_offerings
           end
 
           def offering_for(model:, model_family: nil, instance_id: :default, **metadata)
@@ -164,6 +200,10 @@ module Legion
               converse_request(messages, model:, temperature:, max_tokens:, tools:, tool_prefs:),
               params
             )
+            log.debug do
+              "bedrock.provider.chat: request prepared model=#{model_id(model)} tools=#{tools.size} " \
+                "tool_choice=#{tool_choice_label(tool_prefs)} param_keys=#{params.keys.map(&:to_s).sort.join(',')}"
+            end
             parse_converse_response(runtime_client.converse(**request), model_id(model))
           end
 
@@ -174,6 +214,10 @@ module Legion
               converse_request(messages, model:, temperature:, max_tokens:, tools:, tool_prefs:),
               params
             )
+            log.debug do
+              "bedrock.provider.stream: request prepared model=#{model_id(model)} tools=#{tools.size} " \
+                "tool_choice=#{tool_choice_label(tool_prefs)} param_keys=#{params.keys.map(&:to_s).sort.join(',')}"
+            end
             stream_converse(request, model_id(model), &)
           end
 
@@ -186,7 +230,7 @@ module Legion
             log.debug { "bedrock.provider.count_tokens: model=#{model_id(model)}" }
             request = Utils.deep_merge(
               {
-                model_id: model_id(model),
+                model_id: self.class.inference_profile_id(model_id(model)),
                 input: { converse: { messages: format_messages(messages), system: system_blocks(system) }.compact }
               },
               params
@@ -275,6 +319,7 @@ module Legion
 
           def build_offering(model:, model_family:, usage_type:, instance_id: :default, alias_name: nil,
                              capabilities: nil, metadata: {})
+            limits = infer_limits(model)
             Legion::Extensions::Llm::Routing::ModelOffering.new(
               provider_family: :bedrock,
               instance_id: instance_id,
@@ -283,10 +328,24 @@ module Legion
               model: model,
               usage_type: usage_type,
               capabilities: capabilities || default_capabilities(model),
+              limits: limits,
               metadata: metadata.merge(model_family: model_family, alias: alias_name).compact
             )
           end
 
+          def infer_limits(model)
+            detail = model_detail(model.to_s)
+            return detail if detail.is_a?(Hash) && detail[:context_window]
+
+            ctx = CONTEXT_WINDOWS.find { |prefix, _| model.to_s.start_with?(prefix) }&.last
+            ctx ? { context_window: ctx } : {}
+          end
+
+          def fetch_model_detail(model_name)
+            ctx = CONTEXT_WINDOWS.find { |prefix, _| model_name.start_with?(prefix) }&.last
+            ctx ? { context_window: ctx } : nil
+          end
+
           def configured_transport(default)
             config.respond_to?(:transport) ? config.transport : default
           end
@@ -297,7 +356,7 @@ module Legion
 
           def converse_request(messages, model:, temperature:, max_tokens:, tools:, tool_prefs:)
             {
-              model_id: model_id(model),
+              model_id: self.class.inference_profile_id(model_id(model)),
               messages: format_messages(messages.reject { |message| message.role == :system }),
               system: format_system(messages),
               inference_config: { temperature: temperature, max_tokens: max_tokens || model_max_tokens(model) }.compact,
@@ -306,11 +365,11 @@ module Legion
           end
 
           def format_messages(messages)
-            messages.map do |message|
-              {
-                role: bedrock_role(message.role),
-                content: content_blocks(message.content)
-              }
+            messages.filter_map do |message|
+              blocks = content_blocks(message.content)
+              next if blocks.empty?
+
+              { role: bedrock_role(message.role), content: blocks }
             end
           end
 
@@ -331,7 +390,13 @@ module Legion
           end
 
           def content_blocks(content)
-            raw_content(content) || [{ text: content_text(content) }]
+            raw = raw_content(content)
+            return raw if raw
+
+            text = content_text(content)
+            return [] if text.strip.empty?
+
+            [{ text: text }]
           end
 
           def raw_content(content)
@@ -349,6 +414,10 @@ module Legion
           def format_tool_config(tools, tool_prefs)
             return nil if tools.empty?
 
+            log.debug do
+              "bedrock.provider.tools: formatting tools=#{tools.keys.map(&:to_s).sort.join(',')} " \
+                "tool_choice=#{tool_choice_label(tool_prefs)}"
+            end
             { tools: tools.values.map { |tool| tool_definition(tool) }, tool_choice: tool_choice(tool_prefs) }.compact
           end
 
@@ -382,6 +451,12 @@ module Legion
             end
           end
 
+          def tool_choice_label(tool_prefs)
+            return 'none' unless tool_prefs
+
+            (tool_prefs[:choice] || tool_prefs['choice'] || 'unspecified').to_s
+          end
+
           def parse_converse_response(response, fallback_model)
             output = value(response, :output)
             message = value(output, :message)
@@ -459,12 +534,23 @@ module Legion
           end
 
           def client_options
-            {
+            opts = {
               region: region,
               endpoint: config.bedrock_endpoint,
-              credentials: credentials,
               stub_responses: config.bedrock_stub_responses
-            }.compact
+            }
+
+            if bearer_token_configured?
+              opts[:token_provider] = Aws::StaticTokenProvider.new(config.bearer_token)
+            else
+              opts[:credentials] = credentials
+            end
+
+            opts.compact
+          end
+
+          def bearer_token_configured?
+            config.respond_to?(:bearer_token) && !config.bearer_token.to_s.empty?
           end
 
           def credentials

data/lib/legion/extensions/llm/bedrock/runners/fleet_worker.rb

@@ -2,6 +2,7 @@
 
 require 'legion/extensions/llm/fleet/provider_responder'
 require 'legion/extensions/llm/bedrock'
+require 'legion/logging/helper'
 
 module Legion
   module Extensions
@@ -10,9 +11,15 @@ module Legion
         module Runners
           # Runner entrypoint for Bedrock fleet request execution.
           module FleetWorker
+            extend Legion::Logging::Helper
+
             module_function
 
             def handle_fleet_request(payload, delivery: nil, properties: nil)
+              log.debug do
+                "bedrock.runner.fleet_worker.handle_fleet_request: request_id=#{payload_value(payload, :request_id)} " \
+                  "provider_instance=#{payload_value(payload, :provider_instance) || 'default'}"
+              end
               Legion::Extensions::Llm::Fleet::ProviderResponder.call(
                 payload: payload,
                 provider_family: Bedrock::PROVIDER_FAMILY,
@@ -22,6 +29,12 @@ module Legion
                 properties: properties
               )
             end
+
+            def payload_value(payload, key)
+              return nil unless payload.respond_to?(:[])
+
+              payload[key] || payload[key.to_s]
+            end
           end
         end
       end

data/lib/legion/extensions/llm/bedrock/version.rb

@@ -4,7 +4,7 @@ module Legion
   module Extensions
     module Llm
       module Bedrock
-        VERSION = '0.3.6'
+        VERSION = '0.3.8'
       end
     end
   end

data/lib/legion/extensions/llm/bedrock.rb

@@ -3,6 +3,7 @@
 require 'legion/extensions/llm'
 require 'legion/extensions/llm/bedrock/provider'
 require 'legion/extensions/llm/bedrock/version'
+require 'legion/logging/helper'
 
 module Legion
   module Extensions
@@ -58,6 +59,8 @@ module Legion
           @registry_publisher ||= Legion::Extensions::Llm::RegistryPublisher.new(provider_family: PROVIDER_FAMILY)
         end
 
+        DEFAULT_CAPABILITIES = %i[completion streaming embedding].freeze
+
         def self.discover_instances
           candidates = {}
           discover_env_bearer(candidates)
@@ -65,7 +68,23 @@ module Legion
           discover_env_sigv4(candidates)
           discover_settings(candidates)
           discover_broker(candidates)
-          CredentialSources.dedup_credentials(candidates).transform_values { |config| sanitize_instance_config(config) }
+          CredentialSources.dedup_credentials(candidates)
+                           .reject { |_, config| unresolved_credential?(config) }
+                           .transform_values do |config|
+            sanitized = sanitize_instance_config(config)
+            sanitized[:capabilities] ||= DEFAULT_CAPABILITIES.dup
+            sanitized[:default_model] ||= 'us.anthropic.claude-sonnet-4-6'
+            sanitized
+          end
+        end
+
+        def self.unresolved_credential?(config)
+          return false if config[:bedrock_profile]
+
+          cred = config[:bearer_token] || config[:bedrock_access_key_id] || config[:api_key]
+          return true if cred.nil?
+
+          cred.to_s.match?(%r{\A(vault|env)://})
         end
 
         def self.discover_env_bearer(candidates)
@@ -75,7 +94,9 @@ module Legion
           candidates[:env_bearer] = {
             bearer_token: bearer,
             bedrock_region: CredentialSources.env('AWS_DEFAULT_REGION') || DEFAULT_REGION,
-            tier: :cloud
+            tier: :cloud,
+            source: CredentialSources.source_tag(:env, 'AWS_BEARER_TOKEN_BEDROCK'),
+            credential_fingerprint: CredentialSources.credential_fingerprint(bearer)
           }
         end
 
@@ -87,7 +108,9 @@ module Legion
           candidates[:claude] = {
             bearer_token: claude_bearer,
             bedrock_region: CredentialSources.claude_env_value('AWS_DEFAULT_REGION') || DEFAULT_REGION,
-            tier: :cloud
+            tier: :cloud,
+            source: CredentialSources.source_tag(:file, '~/.claude/settings.json', 'AWS_BEARER_TOKEN_BEDROCK'),
+            credential_fingerprint: CredentialSources.credential_fingerprint(claude_bearer)
           }
         end
 
@@ -99,7 +122,10 @@ module Legion
           candidates[:env_sigv4] = {
             api_key: akid, bedrock_access_key_id: akid, bedrock_secret_access_key: skey,
             bedrock_session_token: CredentialSources.env('AWS_SESSION_TOKEN'),
-            bedrock_region: CredentialSources.env('AWS_DEFAULT_REGION') || DEFAULT_REGION, tier: :cloud
+            bedrock_region: CredentialSources.env('AWS_DEFAULT_REGION') || DEFAULT_REGION,
+            tier: :cloud,
+            source: CredentialSources.source_tag(:env, 'AWS_ACCESS_KEY_ID'),
+            credential_fingerprint: CredentialSources.credential_fingerprint(akid)
           }.compact
         end
 
@@ -108,12 +134,19 @@ module Legion
           return unless settings.is_a?(Hash) && !settings.empty?
 
           default_config = dedup_config(normalize_instance_config(settings))
-          candidates[:settings] = default_config.merge(tier: :cloud) unless default_config.empty?
+          unless default_config.empty?
+            default_config[:source] = CredentialSources.source_tag(:settings, 'extensions.llm.bedrock')
+            default_config[:credential_fingerprint] = CredentialSources.config_fingerprint(default_config)
+            candidates[:settings] = default_config.merge(tier: :cloud)
+          end
 
           settings_instances(settings).each do |name, config|
             next unless config.is_a?(Hash)
 
-            candidates[name.to_sym] = dedup_config(normalize_instance_config(config)).merge(tier: :cloud)
+            normalized = dedup_config(normalize_instance_config(config))
+            normalized[:source] = CredentialSources.source_tag(:settings, "extensions.llm.bedrock.instances.#{name}")
+            normalized[:credential_fingerprint] = CredentialSources.config_fingerprint(normalized)
+            candidates[name.to_sym] = normalized.merge(tier: :cloud)
           end
         end
 
@@ -121,7 +154,11 @@ module Legion
           return unless defined?(Legion::Identity::Broker)
 
           broker_creds = broker_aws_credentials
-          candidates[:broker] = broker_creds.merge(tier: :cloud) if broker_creds
+          return unless broker_creds
+
+          broker_creds[:source] = CredentialSources.source_tag(:broker, 'identity', 'aws')
+          broker_creds[:credential_fingerprint] = CredentialSources.config_fingerprint(broker_creds)
+          candidates[:broker] = broker_creds.merge(tier: :cloud)
         end
 
         # Scan Claude config env hash for any key containing all of

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lex-llm-bedrock
 version: !ruby/object:Gem::Version
-  version: 0.3.6
+  version: 0.3.8
 platform: ruby
 authors:
 - LegionIO