Susana Ferreira b6c2998eb3
feat: add aibridge-proxy module for AI Bridge Proxy workspace setup (#721)
## Description

Add `aibridge-proxy` module that configures workspaces to use AI Bridge Proxy. Downloads the proxy's CA certificate and exposes `proxy_auth_url` and `cert_path` outputs for tool-specific modules to configure the proxy scoped to their process. The module does not set proxy environment variables globally in the workspace.

## Type of Change

- [x] New module
- [ ] New template
- [ ] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other

## Module Information

<!-- Delete this section if not applicable -->

**Path:** `registry/coder/modules/aibridge-proxy`  
**New version:** `v1.0.0`  
**Breaking change:** [ ] Yes [x] No

## Testing & Validation

- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally

## Related Issues

Closes: https://github.com/coder/internal/issues/1187
2026-03-05 09:27:01 +00:00

| display_name | description | icon | verified | tags |
|---|---|---|---|---|
| AI Bridge Proxy | Configure a workspace to route AI tool traffic through AI Bridge via AI Bridge Proxy. | ../../../../.icons/coder.svg | true | helper, aibridge |

AI Bridge Proxy

This module configures a Coder workspace to use AI Bridge Proxy. It downloads the proxy's CA certificate from the Coder deployment and provides Terraform outputs (`proxy_auth_url` and `cert_path`) that tool-specific modules can use to route their traffic through the proxy.

module "aibridge-proxy" {
  source    = "registry.coder.com/coder/aibridge-proxy/coder"
  version   = "1.0.0"
  agent_id  = coder_agent.main.id
  proxy_url = "https://aiproxy.example.com"
}

Note

AI Bridge Proxy is a Premium Coder feature that requires the AI Governance Add-On. See the AI Bridge Proxy setup guide for details on configuring the proxy on your Coder deployment.

How it works

AI Bridge Proxy is an HTTP proxy that intercepts traffic to AI providers and forwards it through AI Bridge, enabling centralized LLM management, governance, and cost tracking. Any process with the proxy environment variables set will route all its traffic through the proxy.

This module does not set proxy environment variables globally on the workspace. Instead, it provides Terraform outputs (`proxy_auth_url` and `cert_path`) that tool-specific modules consume to configure proxy routing. See the Copilot module for a working integration example.

It is recommended that tool modules scope the proxy environment variables to their own process rather than setting them globally on the workspace, to avoid routing unnecessary traffic through the proxy.

Warning

If the setup script fails (e.g. the proxy is unreachable), the workspace will still start but the agent will report a startup script error. Tools that depend on the proxy will not work until the issue is resolved. Check the workspace build logs for details.
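The process-scoped setup recommended above, as an added example that is not part of this module or the Copilot module. It assumes the caller passes the `proxy_auth_url` and `cert_path` output values, that the tool honours `HTTPS_PROXY`, `SSL_CERT_FILE` and `NODE_EXTRA_CA_CERTS`, and that a failed setup leaves no usable certificate at `cert_path`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: run one tool behind AI Bridge Proxy without exporting proxy
# variables to the rest of the workspace.
# Assumptions: $1 is the module's proxy_auth_url output, $2 its cert_path
# output; the tool reads HTTPS_PROXY, SSL_CERT_FILE and NODE_EXTRA_CA_CERTS
# (check the tool's own documentation for the variables it honours).

# check_proxy_ca CERT_PATH
# Succeeds only if CERT_PATH is a readable, non-empty file containing a PEM
# certificate. A failed setup is assumed to leave it missing or empty.
check_proxy_ca() {
  [ -r "$1" ] && [ -s "$1" ] || return 1
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# run_with_aibridge_proxy PROXY_AUTH_URL CERT_PATH COMMAND [ARGS...]
# The body is a subshell, so the URL never lands in the caller's variables.
run_with_aibridge_proxy() (
  if [ "$#" -lt 3 ]; then
    echo "usage: run_with_aibridge_proxy PROXY_AUTH_URL CERT_PATH COMMAND [ARGS...]" >&2
    exit 64
  fi
  url=$1
  ca=$2
  shift 2

  # The URL is assumed to embed a credential, so it is never printed.
  case $url in
    http://*|https://*) ;;
    *) echo "aibridge-proxy: proxy URL must start with http:// or https://" >&2
       exit 65 ;;
  esac

  if ! check_proxy_ca "$ca"; then
    # Fail closed: starting the tool without the proxy would bypass AI Bridge.
    echo "aibridge-proxy: no usable CA certificate at $ca" >&2
    exit 66
  fi

  # env sets the variables for the child process only; the calling shell and
  # every other process in the workspace keep their own environment.
  exec env HTTPS_PROXY="$url" SSL_CERT_FILE="$ca" NODE_EXTRA_CA_CERTS="$ca" "$@"
)
```
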

Startup Coordination

When used with tool-specific modules (e.g. Copilot), the setup script signals completion via `coder exp sync` so dependent modules can wait for the aibridge-proxy module to complete before starting.

Dependent modules are unblocked once the setup script finishes, regardless of success or failure. If the setup fails, dependent modules are expected to detect the failure and handle the error accordingly.

To enable startup coordination, set `CODER_AGENT_SOCKET_SERVER_ENABLED=true` in the workspace container environment:

env = [
  "CODER_AGENT_TOKEN=${coder_agent.main.token}",
  "CODER_AGENT_SOCKET_SERVER_ENABLED=true",
]

Note

Startup coordination requires Coder >= v2.30. Without it, the sync calls are skipped gracefully but dependent modules may fail to start if the aibridge-proxy setup has not completed in time.

Examples

Custom certificate path

module "aibridge-proxy" {
  source    = "registry.coder.com/coder/aibridge-proxy/coder"
  version   = "1.0.0"
  agent_id  = coder_agent.main.id
  proxy_url = "https://aiproxy.example.com"
  cert_path = "/home/coder/.certs/aibridge-proxy-ca.pem"
}

Proxy with custom port

Use this for deployments where the proxy is accessed directly on a configured port. See security considerations for network access guidelines.

module "aibridge-proxy" {
  source    = "registry.coder.com/coder/aibridge-proxy/coder"
  version   = "1.0.0"
  agent_id  = coder_agent.main.id
  proxy_url = "http://internal-proxy:8888"
}