proxyagent 0.6.0__tar.gz → 0.7.0__tar.gz

{proxyagent-0.6.0 → proxyagent-0.7.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: proxyagent
-Version: 0.6.0
+Version: 0.7.0
 Summary: Run any agent (Claude, Codex, custom) on any machine — with no API key on the machine. A secure, self-hosted proxy for models and tools.
 Project-URL: Homepage, https://github.com/teddyoweh/proxyagent
 Author-email: Spawn Labs <teddy@spawnlabs.ai>
@@ -178,10 +178,18 @@ is to centralise *all* of them so the machine running the harness holds only a `
 | **Codex** | OpenAI | API key · OAuth (ChatGPT) · Azure |
 | **Gemini CLI** | Google | API key · OAuth · Vertex |
 
-Connect each mode once in the dashboard's **Harnesses** tab. API-key mode is wired today;
-Bedrock / Vertex / OAuth-refresh (the cloud-credential paths enterprises actually use) are
-being built out — the proxy holds the AWS/GCP creds and signs upstream, so the machine needs
-none. The model providers below are the *backends* for model-agnostic harnesses (aider, Cline…).
+Connect each mode in the dashboard's **Harnesses** tab (or `proxyagent provider add … --kind`).
+**API key, OAuth, AWS Bedrock, and Azure are wired today** — for Bedrock the proxy holds the AWS
+credentials and **SigV4-signs** the Claude-on-Bedrock request itself, so the machine needs no
+AWS at all. (Vertex lands next.) The model providers below are the *backends* for model-agnostic
+harnesses (aider, Cline…).
+
+```bash
+# the cloud-credential paths — the machine that runs the harness holds none of these:
+proxyagent provider add anthropic --kind bedrock --key <AWS_SECRET>   # + meta: access_key, region
+proxyagent provider add openai    --kind azure   --key <AZURE_KEY>    # + meta: endpoint
+proxyagent provider add anthropic --kind oauth    --key <OAUTH_TOKEN>
+```
 
 ## Credential pools & failover
 A provider isn't one key — it's a **pool**. Add as many credentials as you want, across

{proxyagent-0.6.0 → proxyagent-0.7.0}/README.md

@@ -146,10 +146,18 @@ is to centralise *all* of them so the machine running the harness holds only a `
 | **Codex** | OpenAI | API key · OAuth (ChatGPT) · Azure |
 | **Gemini CLI** | Google | API key · OAuth · Vertex |
 
-Connect each mode once in the dashboard's **Harnesses** tab. API-key mode is wired today;
-Bedrock / Vertex / OAuth-refresh (the cloud-credential paths enterprises actually use) are
-being built out — the proxy holds the AWS/GCP creds and signs upstream, so the machine needs
-none. The model providers below are the *backends* for model-agnostic harnesses (aider, Cline…).
+Connect each mode in the dashboard's **Harnesses** tab (or `proxyagent provider add … --kind`).
+**API key, OAuth, AWS Bedrock, and Azure are wired today** — for Bedrock the proxy holds the AWS
+credentials and **SigV4-signs** the Claude-on-Bedrock request itself, so the machine needs no
+AWS at all. (Vertex lands next.) The model providers below are the *backends* for model-agnostic
+harnesses (aider, Cline…).
+
+```bash
+# the cloud-credential paths — the machine that runs the harness holds none of these:
+proxyagent provider add anthropic --kind bedrock --key <AWS_SECRET>   # + meta: access_key, region
+proxyagent provider add openai    --kind azure   --key <AZURE_KEY>    # + meta: endpoint
+proxyagent provider add anthropic --kind oauth    --key <OAUTH_TOKEN>
+```
 
 ## Credential pools & failover
 A provider isn't one key — it's a **pool**. Add as many credentials as you want, across

{proxyagent-0.6.0 → proxyagent-0.7.0}/proxyagent/__init__.py

@@ -16,7 +16,7 @@ from typing import Optional
 
 from .harness import run  # noqa: F401  (the headline SDK call)
 
-__version__ = "0.6.0"
+__version__ = "0.7.0"
 __all__ = ["run", "serve", "create_app", "Config", "Admin", "__version__"]
 
 

{proxyagent-0.6.0 → proxyagent-0.7.0}/proxyagent/config.py

@@ -101,7 +101,7 @@ AUTH_LABELS = {"api_key": "API key", "oauth": "OAuth", "bedrock": "AWS Bedrock",
                "vertex": "Google Vertex", "azure": "Azure"}
 # Auth modes that are fully wired today (just a key swap). Others are surfaced in the
 # UI as "available" and built out (Bedrock SigV4 / Vertex token / OAuth refresh).
-AUTH_READY = {"api_key"}
+AUTH_READY = {"api_key", "oauth", "bedrock", "azure"}
 
 
 @dataclass

{proxyagent-0.6.0 → proxyagent-0.7.0}/proxyagent/providers.py

@@ -12,7 +12,7 @@ import json
 
 import httpx
 
-from . import pricing
+from . import pricing, signers
 from .config import Config, PROVIDERS
 from .store import Store, now_ms
 
@@ -47,6 +47,34 @@ def resolve_auth(provider, store: Store | None) -> tuple[dict, bool]:
     return (cands[0], True) if cands else ({}, False)
 
 
+def build_plans(provider, store: Store | None, body: dict) -> list[tuple]:
+    """Every way to fulfil this request, in rotation order, as (url, headers, body_bytes).
+    Each credential kind maps to its own upstream + signing: api_key/oauth → the provider
+    endpoint; azure → a custom deployment URL; bedrock → SigV4-signed Claude-on-Bedrock."""
+    plans: list[tuple] = []
+    raw = json.dumps(body).encode("utf-8")
+    JSON = {"content-type": "application/json"}
+    if store:
+        for c in store.get_credentials(provider.name):
+            kind, meta = c["kind"], (c.get("meta") or {})
+            if kind == "api_key":
+                plans.append((provider.endpoint, {**JSON, **_headers_for(provider, c["secret"], "api_key")}, raw))
+            elif kind == "oauth":
+                plans.append((provider.endpoint, {**JSON, "Authorization": f"Bearer {c['secret']}", **provider.extra_headers}, raw))
+            elif kind == "azure":
+                ep = (meta.get("endpoint") or "").rstrip("/")
+                if ep:
+                    plans.append((ep, {**JSON, "api-key": c["secret"]}, raw))
+            elif kind == "bedrock":
+                try:
+                    plans.append(signers.bedrock_plan(c, body))
+                except Exception:  # noqa: BLE001 — skip a malformed bedrock cred
+                    pass
+    if provider.key:
+        plans.append((provider.endpoint, {**JSON, **provider.auth_headers()}, raw))
+    return plans
+
+
 def scope_allows(scope: list[str], provider: str, model: str) -> bool:
     """A scope entry is a glob over 'provider:model', e.g. 'anthropic:claude-*', or '*'."""
     target = f"{provider}:{model or '*'}"
@@ -86,14 +114,12 @@ async def forward(
             return 200, {"content-type": "text/event-stream"}, _mock_stream(provider.shape, payload), None
         return 200, {"content-type": "application/json"}, payload, None
 
-    candidates = resolve_candidates(provider, store)
-    if not candidates:
+    plans = build_plans(provider, store, body)
+    if not plans:
         return 502, {}, {"error": f"provider '{provider_name}' not configured on the proxy "
                                   f"(set {provider.key_env} or `proxyagent provider add {provider_name}`)"}, None
 
-    url = provider.endpoint
-
-    def _log(status, ptok, ctok, err=None, attempt=0):
+    def _log(status, ptok, ctok, err=None):
         store.log_request(
             token_id=token["id"], token_label=token.get("label"), provider=provider_name,
             model=model, status=status, prompt_tokens=ptok, completion_tokens=ctok,
@@ -108,12 +134,10 @@ async def forward(
             status = 200
             try:
                 async with httpx.AsyncClient(timeout=config.request_timeout) as client:
-                    for i, auth in enumerate(candidates):
-                        async with client.stream(
-                            "POST", url, headers={"content-type": "application/json", **auth}, json=body
-                        ) as resp:
+                    for i, (url, headers, raw) in enumerate(plans):
+                        async with client.stream("POST", url, headers=headers, content=raw) as resp:
                             status = resp.status_code
-                            if status in FAILOVER_STATUS and i < len(candidates) - 1:
+                            if status in FAILOVER_STATUS and i < len(plans) - 1:
                                 await resp.aread()  # drain + rotate to the next credential
                                 continue
                             async for chunk in resp.aiter_raw():
@@ -134,12 +158,12 @@ async def forward(
                 _log(status, ptok, ctok)
         return 200, {"content-type": "text/event-stream"}, _gen(), None
 
-    # Non-streaming, with credential failover.
+    # Non-streaming, with credential failover across the pool.
     last_status, last_payload = 502, {"error": "all credentials failed"}
     async with httpx.AsyncClient(timeout=config.request_timeout) as client:
-        for i, auth in enumerate(candidates):
-            resp = await client.post(url, headers={"content-type": "application/json", **auth}, json=body)
-            if resp.status_code in FAILOVER_STATUS and i < len(candidates) - 1:
+        for i, (url, headers, raw) in enumerate(plans):
+            resp = await client.post(url, headers=headers, content=raw)
+            if resp.status_code in FAILOVER_STATUS and i < len(plans) - 1:
                 last_status = resp.status_code
                 continue
             try:

{proxyagent-0.6.0 → proxyagent-0.7.0}/proxyagent/server.py

@@ -35,9 +35,10 @@ class TokenBody(BaseModel):
 class ProviderBody(BaseModel):
     provider: str
     secret: str
-    kind: str = "api_key"            # api_key | oauth
+    kind: str = "api_key"            # api_key | oauth | bedrock | azure | vertex
     label: str | None = None
     refresh: str | None = None
+    meta: dict | None = None         # bedrock: {access_key, region}; azure: {endpoint}
 
 
 def create_app(config: Config | None = None) -> FastAPI:
@@ -204,7 +205,7 @@ def create_app(config: Config | None = None) -> FastAPI:
         if body.provider not in PROVIDERS:
             raise HTTPException(400, f"unknown provider; known: {list(PROVIDERS)}")
         cid = store.add_credential(body.provider, body.secret, kind=body.kind,
-                                   label=body.label, refresh=body.refresh)
+                                   label=body.label, refresh=body.refresh, meta=body.meta)
         return {"id": cid, "provider": body.provider, "kind": body.kind,
                 "stored": "encrypted" if crypto.encryption_available() else "plaintext"}
 
@@ -227,19 +228,28 @@ def create_app(config: Config | None = None) -> FastAPI:
     async def harnesses(authorization: str | None = Header(None),
                         x_admin_token: str | None = Header(None)):
         require_admin(authorization, x_admin_token)
-        stored = {c["provider"] for c in store.list_credentials() if c["active"]}
+        kinds_by_prov: dict[str, set] = {}
+        for c in store.list_credentials():
+            if c["active"]:
+                kinds_by_prov.setdefault(c["provider"], set()).add(c["kind"])
         out = []
         for name, h in HARNESSES.items():
             prov = PROVIDERS.get(h["provider"])
-            configured = bool(prov and prov.key) or h["provider"] in stored
+            have = kinds_by_prov.get(h["provider"], set())
+            env_key = bool(prov and prov.key)
+
+            def _conn(m):
+                if m == "api_key":
+                    return env_key or "api_key" in have
+                return m in have
+
             out.append({
                 "name": name, "label": h["label"], "provider": h["provider"],
                 "color": h["color"], "install": h["install"],
                 "auth": [{"mode": m, "label": AUTH_LABELS.get(m, m),
-                          "ready": m in AUTH_READY,
-                          "connected": m == "api_key" and configured}
+                          "ready": m in AUTH_READY, "connected": _conn(m)}
                          for m in h["auth"]],
-                "configured": configured,
+                "configured": env_key or bool(have),
             })
         return {"harnesses": out}
 

proxyagent-0.7.0/proxyagent/signers.py

@@ -0,0 +1,88 @@
+"""Request signers for the cloud auth modes — so the proxy holds the cloud credentials
+and the machine running the harness holds none.
+
+  * AWS SigV4 (Bedrock) — full signature, no boto3 dependency.
+  * Azure OpenAI — api-key header to a custom deployment endpoint.
+
+Vertex (GCP service-account → access token) lands next.
+"""
+
+from __future__ import annotations
+
+import datetime
+import hashlib
+import hmac
+import json
+from urllib.parse import quote
+
+
+def _sign(key: bytes, msg: str) -> bytes:
+    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
+
+
+def sigv4_headers(*, method: str, host: str, path: str, region: str, service: str,
+                  access_key: str, secret_key: str, body: bytes,
+                  session_token: str | None = None,
+                  content_type: str = "application/json", now: datetime.datetime | None = None) -> dict:
+    """AWS Signature Version 4 headers for a request. `path` must already be URI-encoded."""
+    now = now or datetime.datetime.now(datetime.timezone.utc)
+    amzdate = now.strftime("%Y%m%dT%H%M%SZ")
+    datestamp = now.strftime("%Y%m%d")
+    payload_hash = hashlib.sha256(body).hexdigest()
+
+    hdrs = {"content-type": content_type, "host": host, "x-amz-date": amzdate}
+    if session_token:
+        hdrs["x-amz-security-token"] = session_token
+    signed_headers = ";".join(sorted(hdrs))
+    canonical_headers = "".join(f"{k}:{hdrs[k]}\n" for k in sorted(hdrs))
+    canonical_request = f"{method}\n{path}\n\n{canonical_headers}\n{signed_headers}\n{payload_hash}"
+
+    scope = f"{datestamp}/{region}/{service}/aws4_request"
+    string_to_sign = (f"AWS4-HMAC-SHA256\n{amzdate}\n{scope}\n"
+                      f"{hashlib.sha256(canonical_request.encode()).hexdigest()}")
+    k_date = _sign(("AWS4" + secret_key).encode("utf-8"), datestamp)
+    k_region = _sign(k_date, region)
+    k_service = _sign(k_region, service)
+    k_signing = _sign(k_service, "aws4_request")
+    signature = hmac.new(k_signing, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
+
+    auth = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
+            f"SignedHeaders={signed_headers}, Signature={signature}")
+    out = {"Authorization": auth, "x-amz-date": amzdate, "content-type": content_type}
+    if session_token:
+        out["x-amz-security-token"] = session_token
+    return out
+
+
+# Map a few common Anthropic model ids → their Bedrock ids (best-effort; pass a bedrock id directly to skip).
+def bedrock_model_id(model: str) -> str:
+    if model.startswith("anthropic.") or ":" in model:
+        return model
+    table = {
+        "claude-opus-4": "anthropic.claude-opus-4-20250514-v1:0",
+        "claude-sonnet-4-5": "anthropic.claude-sonnet-4-5-20250929-v1:0",
+        "claude-sonnet-4": "anthropic.claude-sonnet-4-20250514-v1:0",
+        "claude-3-5-sonnet": "anthropic.claude-3-5-sonnet-20241022-v2:0",
+        "claude-3-5-haiku": "anthropic.claude-3-5-haiku-20241022-v1:0",
+    }
+    for prefix, bid in table.items():
+        if model.startswith(prefix):
+            return bid
+    return model
+
+
+def bedrock_plan(cred: dict, body: dict):
+    """(url, headers, body_bytes) for a Claude-on-Bedrock invoke, SigV4-signed here."""
+    meta = cred.get("meta") or {}
+    region = meta.get("region", "us-east-1")
+    model_id = bedrock_model_id(body.get("model", ""))
+    payload = {k: v for k, v in body.items() if k != "model"}
+    payload["anthropic_version"] = "bedrock-2023-05-31"
+    raw = json.dumps(payload).encode("utf-8")
+    host = f"bedrock-runtime.{region}.amazonaws.com"
+    path = f"/model/{quote(model_id, safe='')}/invoke"
+    headers = sigv4_headers(
+        method="POST", host=host, path=path, region=region, service="bedrock",
+        access_key=meta.get("access_key", ""), secret_key=cred.get("secret", ""),
+        body=raw, session_token=meta.get("session_token"))
+    return f"https://{host}{path}", headers, raw

{proxyagent-0.6.0 → proxyagent-0.7.0}/proxyagent/ui/index.html

@@ -181,14 +181,9 @@ async function renderHarnesses(){
       ${h.configured?'<span class="pill ok">ready</span>':'<span class="pill no">connect a key</span>'}</div>
       <div class="badges">${chips}</div>
       <div class="models mono" style="font-size:11px">${h.install}</div>
-      <div class="row"><button class="sm" onclick="openConnect('h_${h.name}')">Connect API key</button></div>
-      <div class="connect" id="c_h_${h.name}">
-        <input id="k_h_${h.name}" type="password" placeholder="${h.provider} API key"/>
-        <div class="row"><button class="sm" onclick="connectHarness('${h.name}','${h.provider}')">Save</button><button class="ghost sm" onclick="openConnect('h_${h.name}')">Cancel</button></div>
-      </div></div>`}).join("");
+      <div class="row"><button class="sm" onclick="openConnect('h_${h.name}')">+ Connect auth</button></div>
+      <div class="connect" id="c_h_${h.name}">${connectForm('h_'+h.name, h.auth.map(a=>a.mode), h.provider)}</div></div>`}).join("");
 }
-async function connectHarness(name,provider){const key=document.getElementById("k_h_"+name).value.trim();if(!key)return;
-  await api("/admin/providers",{method:"POST",body:JSON.stringify({provider,secret:key,kind:"api_key"})});renderHarnesses();refreshProviders()}
 async function refreshProviders(){
   const d=await(await api("/admin/catalog")).json();const g=document.getElementById("provgrid");
   let connected=0;
@@ -199,18 +194,34 @@ async function refreshProviders(){
       <div class="badges">${p.kinds.map(k=>`<span class="badge">${k}</span>`).join("")}${p.via_env?'<span class="badge on">env</span>':''}</div>
       <div style="display:flex;flex-direction:column;gap:6px;margin:6px 0 11px">${credrows||'<span class="muted" style="font-size:11.5px">No keys yet</span>'}</div>
       <div class="row"><button class="sm" onclick="openConnect('${p.name}')">+ Add credential</button></div>
-      <div class="connect" id="c_${p.name}">
-        ${p.kinds.length>1?`<select id="kind_${p.name}">${p.kinds.map(k=>`<option value="${k}">${k}</option>`).join("")}</select>`:`<input id="kind_${p.name}" type="hidden" value="api_key"/>`}
-        <input id="k_${p.name}" type="password" placeholder="${p.name} key / token"/>
-        <div class="row"><button class="sm" onclick="connect('${p.name}')">Add</button><button class="ghost sm" onclick="openConnect('${p.name}')">Cancel</button></div>
-      </div></div>`}).join("");
+      <div class="connect" id="c_${p.name}">${connectForm(p.name,p.kinds,p.name)}</div></div>`}).join("");
   document.getElementById("s_prov").textContent=connected;
 }
 function openConnect(n){document.getElementById("c_"+n).classList.toggle("open")}
-async function connect(n){const key=document.getElementById("k_"+n).value.trim();if(!key)return;
-  const kindEl=document.getElementById("kind_"+n);const kind=kindEl?kindEl.value:"api_key";
-  await api("/admin/providers",{method:"POST",body:JSON.stringify({provider:n,secret:key,kind})});refreshProviders()}
-async function disconnect(id){await api("/admin/providers/"+id,{method:"DELETE"});refreshProviders()}
+function fieldsFor(uid,kind){
+  if(kind==="bedrock")return `<input id="f1_${uid}" placeholder="AWS access key id"/><input id="f2_${uid}" type="password" placeholder="AWS secret access key"/><input id="f3_${uid}" placeholder="region (default us-east-1)"/>`;
+  if(kind==="azure")return `<input id="f1_${uid}" placeholder="Azure endpoint URL (…/chat/completions?api-version=…)"/><input id="f2_${uid}" type="password" placeholder="api-key"/>`;
+  if(kind==="vertex")return `<span class="muted" style="font-size:12px">Vertex (service-account JSON) — coming next.</span>`;
+  return `<input id="f1_${uid}" type="password" placeholder="${kind==='oauth'?'OAuth access token':'API key'}"/>`;
+}
+function onKind(uid){document.getElementById("ff_"+uid).innerHTML=fieldsFor(uid,document.getElementById("kind_"+uid).value)}
+function connectForm(uid,kinds,provider){
+  return `<select id="kind_${uid}" onchange="onKind('${uid}')">${kinds.map(k=>`<option value="${k}">${k}</option>`).join("")}</select>
+    <div id="ff_${uid}">${fieldsFor(uid,kinds[0])}</div>
+    <div class="row"><button class="sm" onclick="submitCred('${uid}','${provider}')">Add credential</button><button class="ghost sm" onclick="openConnect('${uid}')">Cancel</button></div>`;
+}
+async function submitCred(uid,provider){
+  const kind=document.getElementById("kind_"+uid).value,g=id=>{const e=document.getElementById(id);return e?e.value.trim():""};
+  let secret,meta={};
+  if(kind==="bedrock"){secret=g("f2_"+uid);meta={access_key:g("f1_"+uid),region:g("f3_"+uid)||"us-east-1"}}
+  else if(kind==="azure"){secret=g("f2_"+uid);meta={endpoint:g("f1_"+uid)}}
+  else if(kind==="vertex"){return}
+  else{secret=g("f1_"+uid)}
+  if(!secret)return;
+  await api("/admin/providers",{method:"POST",body:JSON.stringify({provider,secret,kind,meta})});
+  renderHarnesses();refreshProviders();
+}
+async function disconnect(id){await api("/admin/providers/"+id,{method:"DELETE"});renderHarnesses();refreshProviders()}
 
 async function refreshTokens(){const d=await(await api("/admin/tokens")).json();
   document.getElementById("toks").innerHTML=d.tokens.map(t=>`<tr><td class="mono">${t.id}</td><td>${t.label||""}</td><td class="mono">${t.masked||""}</td><td class="mono">${(t.scope||[]).join(", ")}</td><td class="mono">${t.budget_usd?('$'+(t.spent_usd||0).toFixed(4)+' / $'+(+t.budget_usd).toFixed(2)):'—'}</td><td>${t.revoked?'<span class="pill no">revoked</span>':'<span class="pill ok">active</span>'}</td><td>${t.revoked?"":`<button class="danger sm" onclick="revokeTok('${t.id}')">revoke</button>`}</td></tr>`).join("")}

{proxyagent-0.6.0 → proxyagent-0.7.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "proxyagent"
-version = "0.6.0"
+version = "0.7.0"
 description = "Run any agent (Claude, Codex, custom) on any machine — with no API key on the machine. A secure, self-hosted proxy for models and tools."
 readme = "README.md"
 requires-python = ">=3.10"

{proxyagent-0.6.0 → proxyagent-0.7.0}/tests/test_proxy.py

@@ -202,3 +202,37 @@ def test_credential_pool_and_failover_order():
     assert cands[1]["Authorization"] == "Bearer sk-2"        # failover tries #2 next
     listed = s.list_credentials()
     assert len(listed) == 2 and all("secret" not in c and c["masked"] for c in listed)
+
+
+def test_sigv4_structure_and_determinism():
+    import datetime, re
+    from proxyagent.signers import sigv4_headers
+    now = datetime.datetime(2015, 8, 30, 12, 36, 0, tzinfo=datetime.timezone.utc)
+    kw = dict(method="POST", host="bedrock-runtime.us-east-1.amazonaws.com", path="/model/x/invoke",
+              region="us-east-1", service="bedrock", access_key="AKIDEXAMPLE",
+              secret_key="wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY", body=b'{"a":1}', now=now)
+    h1, h2 = sigv4_headers(**kw), sigv4_headers(**kw)
+    assert h1 == h2                                  # deterministic at a fixed time
+    a = h1["Authorization"]
+    assert a.startswith("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/bedrock/aws4_request")
+    assert "SignedHeaders=content-type;host;x-amz-date" in a
+    assert re.search(r"Signature=[0-9a-f]{64}$", a) and h1["x-amz-date"] == "20150830T123600Z"
+
+
+def test_bedrock_plan_and_build_plans():
+    from proxyagent.signers import bedrock_plan
+    from proxyagent.providers import build_plans
+    url, headers, raw = bedrock_plan(
+        {"secret": "sk", "meta": {"access_key": "AKID", "region": "us-west-2"}},
+        {"model": "claude-sonnet-4-5", "max_tokens": 10, "messages": []})
+    assert url.startswith("https://bedrock-runtime.us-west-2.amazonaws.com/model/") and url.endswith("/invoke")
+    import json
+    b = json.loads(raw)
+    assert b["anthropic_version"] == "bedrock-2023-05-31" and "model" not in b
+    assert headers["Authorization"].startswith("AWS4-HMAC-SHA256")
+    # a provider can mix api_key + bedrock in its pool; both become plans
+    s = Store(":memory:")
+    s.add_credential("anthropic", "sk-1", kind="api_key")
+    s.add_credential("anthropic", "awssecret", kind="bedrock", meta={"access_key": "AKID", "region": "us-east-1"})
+    plans = build_plans(PROVIDERS["anthropic"], s, {"model": "claude-sonnet-4-5", "messages": []})
+    assert len(plans) == 2 and plans[0][0].endswith("/v1/messages") and "bedrock-runtime" in plans[1][0]